Paid Advertising is
ha.ckers sla.cking
Q and A on cross site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For Session, fixations, hijacking, lockout, replay, session riding etc.... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
using cookie session
Date: February 05, 2008 10:04AM

Hi everybody,
i am sorry for posting in the wrong forum i think that this forum is the right one.

I am new in the XSS field and i have a little problem:
I can catch the session cookie from a website but the problem is that i don't know how to use it. When i create a new cookie and i fill it's content with the content of the original cookie when i connect to the website it didn't recognize me.
I confirm that the session cookie is fresh (1 minute after the victim logged in).

thx for help,

Options: ReplyQuote
Re: using cookie session
Posted by: Martin
Date: February 06, 2008 02:55AM

It could be that the site will only recognise cookies that come from the same IP address as the originator. Alternatively there could be an HttpOnly cookie hidden that you are not receiving. Switch/Twitch .NETIDS

Options: ReplyQuote
Re: using cookie session
Posted by: J4zen
Date: February 07, 2008 10:22AM

Personally i always mess around with Cookie Editor(FF plugin) and log what cookies are being read by LiveHTTPheader(also FF plugin). Then continue from there :)

Options: ReplyQuote

Sorry, only registered users may post in this forum.