-
March 27th, 2002, 07:43 PM
#1
Member
Cookie question.
I was going to post this in General Chit-Chat, but figured this was more of an encrytpion/decryption question.
I've been curious about the info stored in cookies. For example, I know that Yahoo cookies stores your U/N and P/W info so that you don't have to login every time. If someone managed to get this cookie, they would be able to access that account unless the cookie expired. My question is, if the cookie does expire, is there still a way to extract that info using some type of decryption program or algorithm?
\"Only two things are infinite, the universe and human stupidity, and I\'m not sure about the former.\" -- Albert Einstein
-
March 27th, 2002, 07:54 PM
#2
Compare cookies from multiple sessions and multiple name/pass combinations. On some sites (not sure about yahoo), you can fake the experation time, so you don't need the actual login or pass.
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
March 27th, 2002, 08:13 PM
#3
Member
souleman,
Thanks for the reply. That's not exactly what I was asking, perhaps I worded the question incorrectly. I was trying to say that if someone obtained my cookie for yahoo, and they didn't know my U/N or P/W, is there still a way for them to use the info in that cookie to impersonate me, or decrypt the info and get my U/N - P/W in plain text...does that make sense?
Thanks again.
\"Only two things are infinite, the universe and human stupidity, and I\'m not sure about the former.\" -- Albert Einstein
-
March 27th, 2002, 09:39 PM
#4
T1T3SONET -
I think there must be a way to do that...but as to how I wouldn't have the foggiest idea...
Would they be able to just use the cookie from there hd?
- Jimmy Mac
Replicants are like any technology, if there not a hazard, its not my problem....
-
March 27th, 2002, 09:53 PM
#5
Senior Member
There is a law on cookies, they are legal if they are only readable by the server. All that means is that the encryption has to be atleast decent because companies would want to stay out of lawsuits. I doubt there are scripts to insert a cookie and decrypt a specific cookie, but www.google.com; it's a wild goose chase.
Search First Ask Second. www.google.com
-
March 27th, 2002, 10:00 PM
#6
Member
ArmyOfOne,
Yeah, I Google'd the hell out of it...and I couldn't find anything specific as to how one would decrypt the info from a cookie. It has to be possible. Maybe it's not.
Thanks to everybody for your input.
\"Only two things are infinite, the universe and human stupidity, and I\'m not sure about the former.\" -- Albert Einstein
-
March 27th, 2002, 10:24 PM
#7
Senior Member
Here's another question if you copied let's say the Yahoo cookie, went to another computer and some how pasted it back into the Temporary Internet Files folder would it allow you into the Yahoo site on that account and would that be possible?
-
March 27th, 2002, 10:28 PM
#8
T1T3SONET> That was exactly my point. I could impersonte you without ever decripting your username or password. Maybe not with yahoo, but with a lot of sites cookies. All you have to do is change the experation time on the cookie, and maybe a few other characters, and you are all set. Once you examine enough cookies from a single site, you will learn how they are setup.
Example> I get a copy of your yahoo cookie. I change the experation time to 5 hours from now. I goto yahoo.com. I am already logged on as you.
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
March 27th, 2002, 10:36 PM
#9
Yeah it works if you copy someones cookies put them on a disk and boot up on your machine go to the site and it should open up the cookie no problem and you would be able to login as if you were that user
-
March 27th, 2002, 10:51 PM
#10
Cookies are for eating!
Nah, seriously, Proximotron, or some thing like that, well ne way's it has a cookie mod. so u can look around and see what makes them tic, and also it allows you to fake them!...
- Noia
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .: Bring OS X to x86!:.
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|