Page 1 of 1

how to read cookie's content

Posted: Tue Nov 11, 2003 1:30 pm
by tintin
Hi,

How can I read the value of a cookie, when it is not created by a site I owns ?

Thanks for help

Posted: Tue Nov 11, 2003 2:06 pm
by d3ad1ysp0rk
i don't think you can/should be able to

it's a security risk, if someone has a cookie with their username and pass, and u can access that, then who knows what people will do..

so i dont believe you can

what do you want it for anyway?

Posted: Wed Nov 12, 2003 7:32 am
by tintin
Hi,

Yes, I agree that there is a security risk to put passwords in cookies... I hope that serious sites won't write password without encryption, and anyway I do not store important passwords on my machine, and everybody should know that.

I just would like if it was possible to check cookies values stored as files on my W2K computer, under my account, without beeing owner of the site which create them.

It is a security risk too, if someone can write on our computer and we can't know what...

Thanks for your time.

Posted: Wed Nov 12, 2003 7:37 am
by twigletmac
Which browser are you using? In Mozilla Firebird there's a handy cookie manager to view all the cookies and the information within them. Other than that, check out what's stored in your Temporary Internet Files directory.

However, you're likely to find most information is either hashed, encrypted or otherwise not very indicative of what information is being stored.

Mac

Posted: Wed Nov 12, 2003 7:40 pm
by m3rajk
not just that, i do beleive that cookies can be set to a specific domain so you can't be read by other domains

Posted: Thu Nov 13, 2003 2:47 am
by twigletmac
But you do have access to the cookies set on your computer.

Mac

Posted: Sun Nov 16, 2003 10:36 pm
by m3rajk
yet from the sound of the original post he was asking how to do so remotely.

you can only do your own user on your computer and it's not a security risk for you to see your cookies (netscape has a file cookies.txt that's a tab seperated spreadsheet that you can look at with notepad)

i took the original post to be OTHER people when viewing HIS site.

a good browser should not allow that