Friday, April 25, 2014

COOKIE MANIPULATION:

A cookie is a small file or text-only string registered in the memory of a web browser and used to identify a website user. Websites use cookies to authenticate users (e.g. gmail.com), to personalize data (e.g. My Yahoo), to assist customers with online sales or services (e.g. e-bay.com), or merely to collect statistical and demographic data (e.g. doubleclick.com).

Cookies that are saved as simple text files can be deleted. If you delete a cookie while your browser is open, it will be recreated when you close the browser, because all cookies are held in the memory of your browser until you close it.

A browser can be set to accept all, some or none of the incoming cookies, or to warn before accepting one. Many sites use cookies to implement access control schemes of various sorts. For example, a subscription site that requires a user name and password might pass a cookie back to your browser the first time you log in; it will then give you access to restricted pages whenever your browser presents a valid cookie.

This may be vulnerable to exploitation: a hacker could use a packet sniffer to intercept the cookie as it passes from your browser to the server and then use it to obtain free access to the site.

6 PARAMETERS IN A COOKIE:

i) Name of the cookie;
ii) The value of the cookie;
iii) Expiration date of the cookie;
iv) The path valid for the cookie;
v) The domain valid for the cookie;
vi) A secure connection to use the cookie.

Out of these 6 parameters, two are compulsory (i.e. its name and its value). A semicolon (;) separates each parameter when it is set explicitly.

1) NAME VALUE:

The name and the value of the cookie are set by pairing them together, e.g. Name = Sanya.

2) EXPIRES:

This parameter allows you to set the lifetime of the cookie. If it is not set clearly or not set at all, then by default the expiry is set to the end of the session.

3) PATH:

This is the most useful parameter out of the four optional settings. It establishes the URL path within which the cookie remains valid.

4) DOMAIN:

This parameter extends the path parameter a little. If a site uses multiple servers for one domain, it becomes important to specify the domain parameter in such a way that the cookie is accessible to any of the pages on these multiple servers, e.g. domain=www.cyber_security.net.

It is possible to assign cookies to either an individual machine or to an entire Internet domain. To set a cookie for a domain, the server should be a member of that domain. If the domain parameter is not set explicitly, then by default the full domain of the document that created the cookie is taken.

5)      SECURE:

This parameter indicates that the cookie should only be used under secure conditions, e.g. SSL (Secure Sockets Layer).
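
The parameters and defaults described above, worked through as an added example that is not part of the original post: a Python sketch that splits a Set-Cookie value on semicolons, fills in the defaults, and flags cookies that a packet sniffer could read or that are shared beyond the issuing host. The host www.example.net, the sample cookie values and the finding codes are constructed for illustration.

```python
# Added example (not from the original post). Hosts and cookie values are constructed.

def parse_set_cookie(header, request_host):
    """Split a Set-Cookie value on ';' into the six parameters described above."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("the name=value pair is compulsory")
    name, value = parts[0].split("=", 1)
    cookie = {
        "name": name.strip(),
        "value": value.strip(),
        "expires": None,         # not set: cookie lasts until the end of the session
        "path": "/",             # simplification: browsers derive the default from the request URL
        "domain": request_host,  # not set: full domain of the document that created it
        "secure": False,         # not set: cookie is also sent over plain HTTP
    }
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "secure":
            cookie["secure"] = True
        elif key in ("expires", "path", "domain") and val:
            cookie[key] = val
    return cookie


def audit(cookie, request_host):
    """Return finding codes a defender would review for this cookie."""
    findings = []
    if not cookie["secure"]:
        findings.append("missing-secure")          # readable by a packet sniffer on HTTP
    if cookie["domain"].lstrip(".").lower() != request_host.lower():
        findings.append("domain-wider-than-host")  # differs from issuing host: shared across servers
    return findings


# Constructed sample headers, as a server at www.example.net might send them.
SAMPLES = [
    "Name = Sanya",
    "session=abc123; Expires=Wed, 30 Apr 2014 10:00:00 GMT; Path=/members; Domain=example.net; Secure",
]

if __name__ == "__main__":
    for header in SAMPLES:
        parsed = parse_set_cookie(header, "www.example.net")
        print(parsed, audit(parsed, "www.example.net"))
```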
