Cookie question.
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Cookie question.

  1. #1
    Member
    Join Date
    Nov 2001
    Posts
    35

    Question Cookie question.

    I was going to post this in General Chit-Chat, but figured this was more of an encrytpion/decryption question.

    I've been curious about the info stored in cookies. For example, I know that Yahoo cookies stores your U/N and P/W info so that you don't have to login every time. If someone managed to get this cookie, they would be able to access that account unless the cookie expired. My question is, if the cookie does expire, is there still a way to extract that info using some type of decryption program or algorithm?
    \"Only two things are infinite, the universe and human stupidity, and I\'m not sure about the former.\" -- Albert Einstein

  2. #2
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Compare cookies from multiple sessions and multiple name/pass combinations. On some sites (not sure about yahoo), you can fake the experation time, so you don't need the actual login or pass.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  3. #3
    Member
    Join Date
    Nov 2001
    Posts
    35
    souleman,

    Thanks for the reply. That's not exactly what I was asking, perhaps I worded the question incorrectly. I was trying to say that if someone obtained my cookie for yahoo, and they didn't know my U/N or P/W, is there still a way for them to use the info in that cookie to impersonate me, or decrypt the info and get my U/N - P/W in plain text...does that make sense?
    Thanks again.
    \"Only two things are infinite, the universe and human stupidity, and I\'m not sure about the former.\" -- Albert Einstein

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    376
    T1T3SONET -

    I think there must be a way to do that...but as to how I wouldn't have the foggiest idea...

    Would they be able to just use the cookie from there hd?
    - Jimmy Mac

    Replicants are like any technology, if there not a hazard, its not my problem....

  5. #5
    Senior Member
    Join Date
    Dec 2001
    Posts
    243
    There is a law on cookies, they are legal if they are only readable by the server. All that means is that the encryption has to be atleast decent because companies would want to stay out of lawsuits. I doubt there are scripts to insert a cookie and decrypt a specific cookie, but www.google.com; it's a wild goose chase.
    Search First Ask Second. www.google.com

  6. #6
    Member
    Join Date
    Nov 2001
    Posts
    35
    ArmyOfOne,

    Yeah, I Google'd the hell out of it...and I couldn't find anything specific as to how one would decrypt the info from a cookie. It has to be possible. Maybe it's not.

    Thanks to everybody for your input.
    \"Only two things are infinite, the universe and human stupidity, and I\'m not sure about the former.\" -- Albert Einstein

  7. #7
    Senior Member
    Join Date
    Dec 2001
    Posts
    151
    Here's another question if you copied let's say the Yahoo cookie, went to another computer and some how pasted it back into the Temporary Internet Files folder would it allow you into the Yahoo site on that account and would that be possible?
    -[h3llbringer] is back, again.
    -MSN CLoNE.

  8. #8
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    T1T3SONET> That was exactly my point. I could impersonte you without ever decripting your username or password. Maybe not with yahoo, but with a lot of sites cookies. All you have to do is change the experation time on the cookie, and maybe a few other characters, and you are all set. Once you examine enough cookies from a single site, you will learn how they are setup.

    Example> I get a copy of your yahoo cookie. I change the experation time to 5 hours from now. I goto yahoo.com. I am already logged on as you.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  9. #9
    Yeah it works if you copy someones cookies put them on a disk and boot up on your machine go to the site and it should open up the cookie no problem and you would be able to login as if you were that user

  10. #10
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    Cookies are for eating!
    Nah, seriously, Proximotron, or some thing like that, well ne way's it has a cookie mod. so u can look around and see what makes them tic, and also it allows you to fake them!...

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •