web application – spoof an authentication cookie


Login and copy the Cookie (Use tamper to copy cookie to notepad) Login used was aspect password was aspect

Cookie=AuthCookie=65432udfqtb; JSESSIONID=9842703FB85871000C1CA2534A61ECF3

Interesting part is end of Cookie udfqtb

Using http://yehg.net/encoding/
1. Under EnCrypt click on Reverse
2. Under EnCrypt click on Charr–
= aspect

Now find another username example been alice

Using http://yehg.net/encoding/
3. Under EnCrypt click on Reverse
4. Under EnCrypt click on Charr++
= fdjmb

5. Take the original cokkie Cookie=AuthCookie=65432udfqtb and now replace udfqtb with the new reversed/charr username fdjmb


6. Turn on tamper and refresh page. Replace old cookie with Cookie=AuthCookie=65432fdjmb tamper and ok and you should be logged in as alice.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s