Wouter van Stralen

Reputation: 17

Cookie hacking: is it possible to edit them manually?

I think this is not the first time someone asks this question. But I couldn't get a clear answer.

Is it possible to "hack" a cookie? For example, if someone is logged in, I create a 'user id' cookie, with value 'usr01301', and this is a reference to that user. If this user is loading the webpage, the website will check for cookies. If a 'user id' is available, the user will log in with the account connected to the user id.

But, is someone able to write this cookie manually? Or change it to another ID? To be able to log in with this cookie.

Upvotes: 0

Views: 1879

Answers (2)

Abhijeet Yadav

Reputation: 11

Predictable cookies are a bad idea. With that, anyone can predict the cookie for any user that exists on that website. And manual editing is also possible, as there are a lot of tools available on the internet to do it automatically. https://bugarena.com/single/Y7A7WOZ1520

Upvotes: 0

coreyp_1

Reputation: 319

YES

Session Hijacking is a very real thing, and it is easy to exploit on any website that does not have good security systems in place. Using a username in a cookie is a really, really bad idea.

There are browser plugins that make it easy to edit cookies, but you can even do it using the developer console that ships with many browsers.

For that matter, you don't need a browser at all. wget can perform HTTP requests with cookies from the command line.

Upvotes: 1
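An added example, not part of the question or either answer: the scheme from the question (the cookie value is the user id) beside a server-side session store where the cookie holds only a random token. The names `weak_login` and `SessionStore` and the sample accounts are hypothetical; the ID format follows the question's 'usr01301'.

```python
import secrets

# Constructed sample accounts for this example.
USERS = {"usr01301": "alice", "usr01302": "bob"}


def weak_login(cookies):
    """Scheme from the question: the cookie value itself names the account."""
    return USERS.get(cookies.get("user_id"))


class SessionStore:
    """Cookie carries a random token; the token-to-user mapping stays on the server."""

    def __init__(self):
        self._sessions = {}  # token -> user id

    def create(self, user_id):
        # 32 bytes from the OS CSPRNG: not derivable from any user id.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user_id
        return token

    def resolve(self, cookies):
        # A value the server never issued maps to no session at all.
        user_id = self._sessions.get(cookies.get("session", ""))
        return USERS.get(user_id) if user_id else None

    def destroy(self, token):
        # Logout: the token stops working even if the client keeps the cookie.
        self._sessions.pop(token, None)


def demo():
    store = SessionStore()
    alice_token = store.create("usr01301")
    results = {
        "weak_own": weak_login({"user_id": "usr01301"}),
        # Cookie edited by hand to another id: the weak scheme accepts it.
        "weak_edited": weak_login({"user_id": "usr01302"}),
        "strong_own": store.resolve({"session": alice_token}),
        # Same edit against the session store: no such token, so no login.
        "strong_edited": store.resolve({"session": "usr01302"}),
    }
    store.destroy(alice_token)
    results["after_logout"] = store.resolve({"session": alice_token})
    return results


if __name__ == "__main__":
    print(demo())
```

The token cookie should still be sent with the `Secure` and `HttpOnly` attributes, since a random token protects against guessing and editing but not against the cookie being read in transit or by script.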
