
Thread: Faking cookies

  1. #1
    New Coder
    Join Date
    Oct 2004
    Posts
    65
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Faking cookies

    Imagine a web page. We shall call it Web page A. To view this web page A the user must have a cookie in their browser called "Camb". If they point their browser at web page A and they don't have this "Camb" cookie then they are redirected to an error page. If they do have the "Camb" cookie they are allowed to stay and view the content of web page A.
    They can pick up this cookie if they visit web page B.

    That is, the viewer can only view web page A if they have been to web page B previously.

    Is there any way to cheat this system so that one can look at web page A without previously having been to web page B?

    That is assuming disabling cookies is not an option.

    Could the user maybe somehow put a cookie on their browser and call it "Camb"? Can cookies be faked like this? Is a cookie just a name and so can be faked so easily like this - just by putting a cookie with the same name on the browser? Or is there more to them?

    Would so appreciate some help with this. Many thanks,

    P.S. I apologise that this post may be a bit off topic for the forum, but it is related to javascript in a sense that javascript is the language of cookies.

  • #2
    Regular Coder
    Join Date
    Jul 2002
    Location
    Kansas, USA
    Posts
    477
    Thanks
    0
    Thanked 51 Times in 50 Posts
    There are ways to make this work, but Javascript is not the solution. The easiest way to circumvent this javascript/cookie method is just to disable javascript.

    And yes, a user could just put a cookie on their machine to spoof this system, but disabling javascript is easier.

    If you really need this to work, you should look into a server-side language like PHP. PHP can read cookies and unlike javascript, the source code of PHP is hidden from the browser.

  • #3
    Smokes a Lot
    Join Date
    Jul 2003
    Location
    CA, USA
    Posts
    1,594
    Thanks
    5
    Thanked 20 Times in 20 Posts
    You can spoof cookies? My understanding is that cookies can only be read by the domain that created them. . .In which case the name of the cookie is completely irrelevant when speaking outside the domain that "baked" it. I could be wrong but. . .

    Basscyst
    Helping to build a bigger box. - Adam Matthews

  • #4
    New Coder
    Join Date
    Oct 2004
    Posts
    65
    Thanks
    0
    Thanked 0 Times in 0 Posts

    RE: your javascript password script

    RE: "You can spoof cookies? My understanding is that cookies can only be read by the domain that created them. . .In which case the name of the cookie is completely irrelevant when speaking outside the domain that "baked" it. I could be wrong but. . ."

    HOPE!! Is this correct? Am I getting excited over a wrong turn? I really hope that this paragraph is correct. Can anyone verify/refute it?

    thanks guys.

  • #5
    Regular Coder
    Join Date
    Jul 2002
    Location
    Kansas, USA
    Posts
    477
    Thanks
    0
    Thanked 51 Times in 50 Posts
    As far as different domains are concerned, this is true. But a user can create their own cookies outside or inside the browser.

    Paste this in the address bar while browsing codingforums.com and the cookie will show up with codingforums.com as the domain.
    Code:
    javascript:void(document.cookie='cookieTest=1234')
    To verify it created the cookie, use
    Code:
    javascript:alert(document.cookie)
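
The server-side check recommended in post #2, and why the hand-made cookie from post #5 passes a name-only test, shown as an added example that is not part of the original thread. It is written for Node.js; SECRET, issueCamb, weakGate and strongGate are hypothetical names, and the cookie value format is an assumption.

```javascript
// Added illustration; SECRET, issueCamb, weakGate and strongGate are hypothetical names.
const crypto = require("crypto");

// Server-side key, never sent to the browser (constructed for this demo).
const SECRET = crypto.randomBytes(32);

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// The check described in the thread: page A only asks whether "Camb" exists.
function weakGate(cookieHeader) {
  return "Camb" in parseCookies(cookieHeader);
}

const sign = (exp) =>
  crypto.createHmac("sha256", SECRET).update(exp).digest();

// Page B issues Camb as "<expiry ms>.<hex HMAC-SHA256 of expiry>".
function issueCamb(nowMs, ttlMs = 3600000) {
  const exp = String(nowMs + ttlMs);
  return `${exp}.${sign(exp).toString("hex")}`;
}

// Page A recomputes the MAC on the server and rejects anything it did not issue.
function strongGate(cookieHeader, nowMs) {
  const value = parseCookies(cookieHeader).Camb;
  const parts = typeof value === "string" ? value.split(".") : [];
  if (parts.length !== 2) return false;
  const [exp, mac] = parts;
  if (!/^\d{1,15}$/.test(exp) || !/^[0-9a-f]{64}$/.test(mac)) return false;
  const ok = crypto.timingSafeEqual(sign(exp), Buffer.from(mac, "hex"));
  return ok && Number(exp) > nowMs;
}

// A hand-made cookie, like the one typed into the address bar in post #5.
console.log(weakGate("Camb=1234"), strongGate("Camb=1234", Date.now()));
```

A signed value only proves the server issued it; anyone who has visited page B can still copy their cookie to another browser until it expires.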

  • #6
    Smokes a Lot
    Join Date
    Jul 2003
    Location
    CA, USA
    Posts
    1,594
    Thanks
    5
    Thanked 20 Times in 20 Posts
    Ahh, indeed, hadn't thought about that. Tricky tricky.

    Basscyst
    Helping to build a bigger box. - Adam Matthews

  • #7
    Senior Coder
    Join Date
    Aug 2002
    Location
    UK
    Posts
    2,789
    Thanks
    2
    Thanked 14 Times in 14 Posts
    I did something very similar to your request some months ago, maybe you can adapt it.

    See the example at

    http://www.huntingground.freeserve.c...ripts/snav.htm

    Scroll down to the cookie section and select History
    The silent one.

    The most dangerous thing in the world is an idea.
    The most dangerous person in the world is the one with an idea.

