Here's my "wicked idea" on how to modify a cookie:
Webserver Software (Get Apache!)
Some webdesign exp with modifying cookies
Alrighty, let's pick a target for testing purposes. How bout http://www.joeisahoe.com?
Great! Goto your hosts.sam file (modify any other hosts.x files found in your windows dir to be safe) and open it in Notepad. Add another entry for http://www.joeisahoe.com.
It's contents should now look like this:
Reboot your computer so that the changes take effect.
Good! Install your webserver software if you don't already have it. Configure a site for http://www.joeisahoe.com.
Then make your index page to modify the cookie's contents. Run the webserver.
Now open your favorite web browser and connect to http://www.joeisahoe.com.
The cookie's contents have been changed!
Why does this work?
Well, this is how domains are usually resolved:
Program asks windows for the IP associated with a domain
Windows looks in the hosts file for the IP
If windows doesn't find it, it queries the DNS server for the IP
So when you changed the hosts file, now whenever you connect to http://www.joeisahoe.com
- you are connecting to 127.0.0.1 and your running webserver! Since IE sees that you're connecting to that domain, it modifies the proper cookie associated with that domain. You are PERFECTLY imitating that website.
Why is this worth your time?
But if a website was setup kinda weak, then maybe you can exploit some vulnerability by doing the unexpected and modifying the cookie.