WebApp Sec: Re: Unable to impersonate another user although having its cookie

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: Unable to impersonate another user although having its cookie

From: arvind doraiswamy <arvind.doraiswamy () gmail com>
Date: Mon, 27 Jul 2009 21:30:42 +0530

A very very late entry to this thread with a side point - The easiest
way to check what's getting sent by 2 different users is by simply
using Burp Comparer. Just Intercept the requests with Burp Proxy and
send them to Comparer to see what's different. Once you find out
what's different just try and spoof that in your next request. Here is
a nice post on how to use Burp Comparer:

http://portswigger.net/suite/comparerhelp.html

Cheers
Arvind

By Date By Thread

Current thread:

RE: Unable to impersonate another user although having its cookie, (continued)
- RE: Unable to impersonate another user although having its cookie Hellman, Matthew (Jul 01)
  - Re: Unable to impersonate another user although having its cookie Guillermo Caminer (Jul 06)
- Re: Unable to impersonate another user although having its cookie Guillermo Caminer (Jul 06)
  - Re: Unable to impersonate another user although having its cookie José Manuel Molina Pascual (Jul 06)
- RE: Unable to impersonate another user although having its cookie Martin O'Neal (Jul 01)
- Re: Unable to impersonate another user although having its cookie arvind doraiswamy (Jul 27)