Re: saving session cookies?

Hi, offset,


offset wrote:

Since I've posted, I've found a nice firefox plugin called LiveHTTPHeaders that will dump all http header information and then I can save everything to a file. I was then going
> to write a script to parse the cookie information out for my purposes.

I'd be interested in any other ideas about saving cookie state without individual copy/paste as some sites have a lot of cookies.

-off


If you can code at all, you might find it useful to pop open the LiveHTTPHeaders .XPI archive (it's in zip format) and take a look at the Javascript source. I just had a quick squint at it myself, and it looks feasible to add a quick and dirty hack to get it to dump just cookie information. And if you're feeling massively benevolent, you could even add some UI to enable the rest of us to turn that feature on and off... :)


cheers

\a

--
Andrew Simmons // MessageLabs Security Team
Technical Security Consultant
MessageLabs: Be certain

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email ______________________________________________________________________

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@xxxxxxxxxx
------------------------------------------------------------------------------

Relevant Pages

  • Re: Will the real hacker please stand up and raise their hand
    ... security concepts, but cannot run a sniffer to save their life, ... Subject: Hackers and Employment ... managed service or an enterprise software ... Download FREE whitepaper on how a managed ...
    (Pen-Test)
  • Re: Pentester convicted..
    ... and thus politely forcing them take responsibility for the protection of privacy of the data they carry. ... and ignored the first 2 reports. ... A security pro notices a flaw, checks to make sure he is not on crack ... Download FREE whitepaper on how a managed service ...
    (Pen-Test)
  • Re: [lists] Re: What to spend on a pentest
    ... Only the vulnerability test needs to be performed by a visa certified vulnerability tester. ... You'll notice the annual pen-test requirement in 11.3 doesn't specify that ... > Officer Information Systems Security infosysec.net ... You have an option to go with a managed service (Cenzic ...
    (Pen-Test)
  • Re: What is being a pen tester really like?
    ... network architecture, security awareness, etc. ... >> What I would like to know is what is being a pen tester really like? ... As attacks through web applications continue to rise, ... Download FREE whitepaper on how a managed service can ...
    (Pen-Test)
  • Re: Licensed Penetration Tester LPT
    ... Subject: Licensed Penetration Tester LPT ... Expert in Security Policy Assessments ... applications continue to rise, ... how a managed service can ...
    (Pen-Test)