UGN Security Forums
My ProfileMember DirectoryLogin
Search our ForumsView our FAQView our Site Rules
View our CalendarView our Active TopicsGo to our Main Page

UGN Security Store
 

Network Sites UGN Security, The GoNix Initiative, Elite Web Gamers, Back of the Web, EveryDay Helper, VNC Web Design & Development
Sponsored Links
Latest Postings
The History Thread...
by Gremelin
09/18/14 12:42 PM
Doom 3
by Cyrez
09/11/14 11:58 PM
Latest Reviews
Topic Options
Rate This Topic
#10542 - 03/15/02 11:39 AM Do cookies have a TTL
spectre Offline
Junior Member

Registered: 03/05/02
Posts: 56
Loc: 192.168.128.80
Do cookies function with a TTL kinda the way a packet does over the internet. its sent to u then starts counting down to when it should delete itself (if thats what its supposed to do).

also, i have noticed that all cookies have

Cookie:username@website

Cookie being the focus here. I tried renaming something else (another file) to be Cookie:_____@______ but had a problem: cannot save files with a : in the name. Also, cookie seems to be considered a drive almost of its own. anyone have any ideas here?
_________________________
http://www.javaspot.net

Top
Sponsored Links
      
#10543 - 03/15/02 03:05 PM Re: Do cookies have a TTL
AK Offline
Junior Member

Registered: 03/13/02
Posts: 61
cookies stay until you clear ur cache.

Top
#10544 - 03/15/02 03:37 PM Re: Do cookies have a TTL
spectre Offline
Junior Member

Registered: 03/05/02
Posts: 56
Loc: 192.168.128.80
hotmail cookies dont. or @ least they deactivate themselves.
_________________________
http://www.javaspot.net

Top
#10545 - 03/16/02 09:43 AM Re: Do cookies have a TTL
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
yes. Cookie's can be set to be set to delete themselves on a given date/time. They can be set as 'volatile' in which they get deleted when you close your browser. They can be set permenently as well.

All temporary files including cookies are special files. You cannot manipulate them in the normal way. If you want to modify them, I don't know how you can do it... easily (/me has the beginnings of a wicked idea if it's worth modifying a cookie - hrm, maybe for insecure websites). But usually, all you can do is delete them, or move/copy them to another location.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

Top
#10546 - 03/17/02 05:24 PM Re: Do cookies have a TTL
dashocker Offline
Member

Registered: 03/05/02
Posts: 524
Loc: Cornfields everywhere...

Top
#10547 - 03/18/02 08:30 AM Re: Do cookies have a TTL
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
Here's my "wicked idea" on how to modify a cookie:

Requires:
Webserver Software (Get Apache!)
Some webdesign exp with modifying cookies
aaaaaaaaaaaand.. windows!

Alrighty, let's pick a target for testing purposes. How bout http://www.joeisahoe.com? Great! Goto your hosts.sam file (modify any other hosts.x files found in your windows dir to be safe) and open it in Notepad. Add another entry for http://www.joeisahoe.com. It's contents should now look like this:

127.0.0.1 localhost
127.0.0.1 http://www.joeisahoe.com

Reboot your computer so that the changes take effect.

Good! Install your webserver software if you don't already have it. Configure a site for http://www.joeisahoe.com. Then make your index page to modify the cookie's contents. Run the webserver.

Now open your favorite web browser and connect to http://www.joeisahoe.com. The cookie's contents have been changed!

Why does this work?

Well, this is how domains are usually resolved:

Program asks windows for the IP associated with a domain
Windows looks in the hosts file for the IP
If windows doesn't find it, it queries the DNS server for the IP

So when you changed the hosts file, now whenever you connect to http://www.joeisahoe.com - you are connecting to 127.0.0.1 and your running webserver! Since IE sees that you're connecting to that domain, it modifies the proper cookie associated with that domain. You are PERFECTLY imitating that website.

Why is this worth your time?

Dunno. But if a website was setup kinda weak, then maybe you can exploit some vulnerability by doing the unexpected and modifying the cookie.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

Top

Moderator:  Infinite 
Featured Member
Registered: 08/22/14
Posts: 1
Forum Stats
2148 Members
46 Forums
34735 Topics
69905 Posts

Max Online: 1567 @ 04/25/10 05:20 AM
Top Posters
UGN Security 27897
Gremelin 7193
§intå× 3255
SilentRage 1273
Ice 1146
pergesu 1136
Infinite 1041
jonconley 955
Girlie 908
unreal 860
Newest Members
Tim050, Gecko666, defghi795767, Devo60, ali
2148 Registered Users
Who's Online
0 registered (), 428 Guests and 281 Spiders online.
Key: Admin, Global Mod, Mod
Latest News


Donate
  Get Firefox!
Get FireFox!