Previous Thread
Next Thread
Print Thread
Rate Thread
#10542 03/15/02 09:39 AM
Joined: Mar 2002
Posts: 56
S
spectre Offline OP
Junior Member
OP Offline
Junior Member
S
Joined: Mar 2002
Posts: 56
Do cookies function with a TTL kinda the way a packet does over the internet. its sent to u then starts counting down to when it should delete itself (if thats what its supposed to do).

also, i have noticed that all cookies have

Cookie:username@website

Cookie being the focus here. I tried renaming something else (another file) to be Cookie:_____@______ but had a problem: cannot save files with a : in the name. Also, cookie seems to be considered a drive almost of its own. anyone have any ideas here?

#10543 03/15/02 01:05 PM
Joined: Mar 2002
Posts: 61
A
AK Offline
Junior Member
Offline
Junior Member
A
Joined: Mar 2002
Posts: 61
cookies stay until you clear ur cache.

#10544 03/15/02 01:37 PM
Joined: Mar 2002
Posts: 56
S
spectre Offline OP
Junior Member
OP Offline
Junior Member
S
Joined: Mar 2002
Posts: 56
hotmail cookies dont. or @ least they deactivate themselves.

#10545 03/16/02 07:43 AM
Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
Offline
DollarDNS Owner
Joined: Mar 2002
Posts: 1,273
yes. Cookie's can be set to be set to delete themselves on a given date/time. They can be set as 'volatile' in which they get deleted when you close your browser. They can be set permenently as well.

All temporary files including cookies are special files. You cannot manipulate them in the normal way. If you want to modify them, I don't know how you can do it... easily (/me has the beginnings of a wicked idea if it's worth modifying a cookie - hrm, maybe for insecure websites). But usually, all you can do is delete them, or move/copy them to another location.


Domain Registration, Hosting, Management
http://www.dollardns.net
#10546 03/17/02 03:24 PM
Joined: Mar 2002
Posts: 524
D
Member
Offline
Member
D
Joined: Mar 2002
Posts: 524

#10547 03/18/02 06:30 AM
Joined: Mar 2002
Posts: 1,273
DollarDNS Owner
Offline
DollarDNS Owner
Joined: Mar 2002
Posts: 1,273
Here's my "wicked idea" on how to modify a cookie:

Requires:
Webserver Software (Get Apache!)
Some webdesign exp with modifying cookies
aaaaaaaaaaaand.. windows!

Alrighty, let's pick a target for testing purposes. How bout www.joeisahoe.com? Great! Goto your hosts.sam file (modify any other hosts.x files found in your windows dir to be safe) and open it in Notepad. Add another entry for www.joeisahoe.com. It's contents should now look like this:

127.0.0.1 localhost
127.0.0.1 www.joeisahoe.com

Reboot your computer so that the changes take effect.

Good! Install your webserver software if you don't already have it. Configure a site for www.joeisahoe.com. Then make your index page to modify the cookie's contents. Run the webserver.

Now open your favorite web browser and connect to http://www.joeisahoe.com. The cookie's contents have been changed!

Why does this work?

Well, this is how domains are usually resolved:

Program asks windows for the IP associated with a domain
Windows looks in the hosts file for the IP
If windows doesn't find it, it queries the DNS server for the IP

So when you changed the hosts file, now whenever you connect to www.joeisahoe.com - you are connecting to 127.0.0.1 and your running webserver! Since IE sees that you're connecting to that domain, it modifies the proper cookie associated with that domain. You are PERFECTLY imitating that website.

Why is this worth your time?

Dunno. laugh But if a website was setup kinda weak, then maybe you can exploit some vulnerability by doing the unexpected and modifying the cookie.


Domain Registration, Hosting, Management
http://www.dollardns.net

Link Copied to Clipboard
Member Spotlight
Phatal
Phatal
Houston, TX
Posts: 298
Joined: April 2004
Forum Statistics
Forums41
Topics33,840
Posts68,858
Average Daily Posts1
Members2,176
Most Online3,253
Jan 13th, 2020
Latest Postings
Where and how do you torrent?
by danni75 - 03/01/24 05:58 AM
Animation,
by JohanKaariainen - 08/15/19 01:18 AM
Blackbeard.....
by Gremelin - 10/03/18 07:02 PM
my old account still exists!
by Crime - 08/10/18 02:47 PM
Okay WTF?
by HenryMiring - 09/27/17 01:45 AM
The History Thread...
by Gremelin - 08/11/17 12:11 PM
My friend NEEDS your HELP!
by Lena01 - 07/21/17 12:06 AM
I'm having fun with this guy.
by gabithompson730 - 07/20/17 01:50 AM
I want to upgrade my phone
by gabithompson730 - 07/20/17 01:49 AM
Doom 3
by Cyrez - 09/11/14 08:58 PM
Amazon Gift Card Generator/KeyGen?te
by Gecko666 - 08/22/14 09:21 AM
AIM scene 99-03
by lavos - 09/02/13 08:06 AM
Planetside 2
by Crime - 03/04/13 07:10 AM
Beta Testers Wanted
by Crime - 03/04/13 06:55 AM
Hello Everyone
by Gremelin - 02/12/12 06:01 PM
Tracfone ESN Generator
by Zanvin Green - 01/18/12 01:31 PM
Python 3 issue
by Testing - 12/17/11 09:28 PM
tracfone airtime
by Drache86 - 07/30/11 03:37 AM
Backdoors and the Infinite
by ZeroCoolStar - 07/10/11 03:52 AM
HackThisZIne #12 Releaseed!
by Pipat2 - 04/28/11 09:20 PM
gang wars? l33t-wars?
by Gremelin - 04/28/11 05:56 AM
Consolidate Forums
by diggin2deep - 04/21/11 10:02 AM
LAN Hacking Noob
by Gremelin - 03/12/11 12:42 AM
Top Posters
UGN Security 41,392
Gremelin 7,203
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Likes Received
Ghost 2
Cyrez 1
Girlie 1
unreal 1
Crime 1
Powered by UBB.threads™ PHP Forum Software 7.7.5