SESSION COOKIE REPLAY TESTING

Session replay testing works by capturing a valid session cookie and replaying it in separate requests.

#save the cookie
root@oco:~$ curl -c cookies.txt -d "username=admin&password=admin" http://MACHINE_IP/session.php

 * The -c option writes any cookies received from the server into a 
   file (cookies.txt in this case). You'll often see a session cookie like PHPSESSID=xyz123.

#reuse the saved cookie
root@oco:~$ curl -b cookies.txt http://MACHINE_IP/session.php
 * The -b option passes the saved cookies back to the site.
    - If cookies were saved with -c, the -b option tells cURL to send them in the next 
      request, just like a browser would.
      
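 * ALT: 
    - curl -H 'Cookie: PHPSESSID=c1nsa6op7vtk7kdis7bcnbadf1' {targetSite:port}
       - this alternate method specifies the cookie as a request header
    - curl -b 'PHPSESSID=c1nsa6op7vtk7kdis7bcnbadf1' {targetSite:port}
       - when the -b argument contains "=", cURL treats it as cookie data instead of a file name
    - {targetSite:port} is a placeholder for the target host and port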
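
The cookies.txt file written by -c is a tab-separated Netscape-format jar. As an added example (not part of the original notes), this script converts a jar into the name=value string used by the ALT methods and reports cookies stored without HttpOnly or Secure. The jar contents, including the theme cookie, are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. curl's -c jar is Netscape format: tab-separated fields
# domain, subdomain flag, path, secure, expiry, name, value.
# HttpOnly cookies are stored with "#HttpOnly_" prefixed to the domain.

# Print the jar as "name=value; name2=value2" (usable with -b or -H 'Cookie: ...').
jar_to_cookie_string() {
    awk -F '\t' '
        { sub(/^#HttpOnly_/, "") }       # HttpOnly lines are real cookies
        /^#/ || NF != 7 { next }         # skip comments and blank lines
        { out = out sep $6 "=" $7; sep = "; " }
        END { print out }
    ' "$1"
}

# Report cookies missing protective flags: without HttpOnly a cookie is
# readable by page script; without Secure it is sent over plain HTTP.
jar_audit() {
    awk -F '\t' '
        { httponly = sub(/^#HttpOnly_/, "") }   # 1 if the prefix was present
        /^#/ || NF != 7 { next }
        {
            flags = ""
            if (!httponly)    flags = flags " no-HttpOnly"
            if ($4 != "TRUE") flags = flags " no-Secure"
            if (flags != "")  print $6 ":" flags
        }
    ' "$1"
}

# Constructed sample jar (not captured from a real server).
make_sample_jar() {
    printf '# Netscape HTTP Cookie File\n\n'
    printf '#HttpOnly_MACHINE_IP\tFALSE\t/\tFALSE\t0\tPHPSESSID\txyz123\n'
    printf 'MACHINE_IP\tFALSE\t/\tFALSE\t0\ttheme\tdark\n'
}

jar=$(mktemp)
make_sample_jar > "$jar"
jar_to_cookie_string "$jar"
jar_audit "$jar"
rm -f "$jar"
```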
