+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Proxomitron Filters (/forumdisplay.php?fid=38)
+--- Forum: Filter Help/Request (/forumdisplay.php?fid=31)
+--- Thread: Fake one Cookie, Accept And Send all others. (/showthread.php?tid=644)
Fake one Cookie, Accept And Send all others. - TCM - Oct. 20, 2005 02:20 AM
Hello Kye-U,
What I'm trying to do is fake one cookie, a session cookie, but in the process I should be receiving other cookies through the "Set-Cookie" field and I want these cookies. Unfortunatly when you use Fake a Cookie (out) it replaces all of the cookies with this one cookie. So is there any way you can dynamically accept cookies that don't match a certain cookie and add them to your fake cookie list or just match a certain cookie to another cookie, fake that one, but don't fake or block the rest. Btw the session cookies are always of similar name "SessionID" but variable length.
Whew, Thanks
- TCM - Oct. 20, 2005 02:48 AM
I've also thought about it from a different perspective. Since I need the other cookies and they need to be legitmately on my computer, is there anyway you can one-time fake a "Set-Cookie" onto your computer. This would permanently make the sessionID legitmate on my computer and accept all over set-cookies and the cookie's out would not be affected.
- Siamesecat - Oct. 20, 2005 06:39 AM
Is it cookies from only one host that you wish to fake? If you used the Fake a Cookie filter with only that host name in the URL match line, the fake would be sent only to that host. You could limit the match to a certain pattern of content as well, and set the replacement to whatever you like.
- TCM - Oct. 20, 2005 07:32 PM
Ok. So we have a Host A and me B
B -> Fakes One Cookie to A (only one match)
A -> Responds by sending 3 Cookies back to B
I want to change one of those 3 Cookies to the initial fake cookie so I don't have to fake it anymore. I'm pretty sure I can use the Set-Cookie "Session only" to instead match one of the 3 cookies. Thus making the inital fake cookie now being faked by the web browser because it was "sorta legally" (in the browser's mind) set.
Get it?
- Siamesecat - Oct. 21, 2005 06:48 AM
TCM,
It makes more sense to fake a cookie outgoing rather than incoming, because incoming cookies can be set by more than one method. Outgoing cookies are presented by the browser in only one way (in the request header). Proxomitron filters the file transfer response header from the server for cookies, but the server can also send cookies in redirection and error headers. Cookies can be set by code on web pages as well.
The browser has no way to detect what happens to its header once it is sent out. The proxy takes the header from the browser and makes a few changes to it before sending it on, but the browser does not get it back again. Whether the cookie was session or persistent was determined on the way in, not on the way out.