-
Cookie question.
I was going to post this in General Chit-Chat, but figured this was more of an encrytpion/decryption question.
I've been curious about the info stored in cookies. For example, I know that Yahoo cookies stores your U/N and P/W info so that you don't have to login every time. If someone managed to get this cookie, they would be able to access that account unless the cookie expired. My question is, if the cookie does expire, is there still a way to extract that info using some type of decryption program or algorithm?
-
Compare cookies from multiple sessions and multiple name/pass combinations. On some sites (not sure about yahoo), you can fake the experation time, so you don't need the actual login or pass.
-
souleman,
Thanks for the reply. That's not exactly what I was asking, perhaps I worded the question incorrectly. I was trying to say that if someone obtained my cookie for yahoo, and they didn't know my U/N or P/W, is there still a way for them to use the info in that cookie to impersonate me, or decrypt the info and get my U/N - P/W in plain text...does that make sense?
Thanks again.
-
T1T3SONET -
I think there must be a way to do that...but as to how I wouldn't have the foggiest idea...
Would they be able to just use the cookie from there hd?
-
There is a law on cookies, they are legal if they are only readable by the server. All that means is that the encryption has to be atleast decent because companies would want to stay out of lawsuits. I doubt there are scripts to insert a cookie and decrypt a specific cookie, but www.google.com; it's a wild goose chase. ;)
-
ArmyOfOne,
Yeah, I Google'd the hell out of it...and I couldn't find anything specific as to how one would decrypt the info from a cookie. It has to be possible. Maybe it's not.
Thanks to everybody for your input.
-
Here's another question if you copied let's say the Yahoo cookie, went to another computer and some how pasted it back into the Temporary Internet Files folder would it allow you into the Yahoo site on that account and would that be possible?
-
T1T3SONET> That was exactly my point. I could impersonte you without ever decripting your username or password. Maybe not with yahoo, but with a lot of sites cookies. All you have to do is change the experation time on the cookie, and maybe a few other characters, and you are all set. Once you examine enough cookies from a single site, you will learn how they are setup.
Example> I get a copy of your yahoo cookie. I change the experation time to 5 hours from now. I goto yahoo.com. I am already logged on as you.
-
Yeah it works if you copy someones cookies put them on a disk and boot up on your machine go to the site and it should open up the cookie no problem and you would be able to login as if you were that user
-
Cookies are for eating!
Nah, seriously, Proximotron, or some thing like that, well ne way's it has a cookie mod. so u can look around and see what makes them tic, and also it allows you to fake them!... :)
- Noia