...

View Full Version : Cookie Retrieving (request)



jezzajezza
01-11-2006, 01:23 AM
Hello,

I am after someone who can put a code or something on my web site which will retrieve the users cookies he or she has on their computer from ANOTHER web site.

This is possible and it is used with some java script code.

Willing to pay money for this so please add me on

MSN: chatmaster@chattar.com

Thanks

mark87
01-11-2006, 01:28 AM
It is not possible, cookies cannot be read from a domain other than the one they were created by. If they could, we'd be in a lot of trouble.

jezzajezza
01-11-2006, 01:31 AM
Well it is possible :-)

There are about 1000000 articles about doing it

Anyone else wanto help me?

jkd
01-11-2006, 01:34 AM
Please refrain from crossposting in the future.

In any case, I cannot think of any legitimate use of peaking at cookies associated with other domains, other than to steal passwords or session info. This is possible with any cross-domain scripting exploit, of which there are plenty in IE (particularly if the computer isn't fully patched), but where is the motivation to give you code to steal our passwords? Unless of course, I'm missing some obvious reason that is eluding me at the moment (in other words, please correct me if I'm wrong).

jezzajezza
01-11-2006, 01:56 AM
I am not after the code for that reason, what so ever. :-)

I am after it so I can simply track where my clients have been and which competitors sites they have been to also to see if they are legimate people.

I would appreciate your help

Thanks! :)

marcus1060
01-11-2006, 02:28 AM
I am not after the code for that reason, what so ever. :-)

I am after it so I can simply track where my clients have been and which competitors sites they have been to also to see if they are legimate people.

I would appreciate your help

Thanks! :)

Yeah, put that in Privacy Policy, and anybody smart won't buy anything from you.

jkd
01-11-2006, 02:38 AM
I am not after the code for that reason, what so ever. :-)

I am after it so I can simply track where my clients have been and which competitors sites they have been to also to see if they are legimate people.

I would appreciate your help

Thanks! :)

That is still unethical, given user-expectations of surfing a website and their privacy.

missing-score
01-11-2006, 07:32 AM
I agree, its wrong, you shouldnt even want to do it let alone be thinking about doing it....

If there are that many articles then go do it yourself ;)

What you have probably read is about XSS (Cross Site Scripting) which can be a problem when web applications have been badly designed. Its not a method of setting it up, its a method of exploiting badly designed websites with content management systems to steal sessions and passwords. You have to know what you are doing and most good systems are protected against XSS.

Through the native browser UI there is no way to retrieve cookies from another website, as the web browser will only send the cookie for your website.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum