As part of an exercise, I have to sniff cookies from a login page and insert them into the same login page. If the cookie injection is successful, the user must be logged in without entering his username and password.
I have sniffed cookies. I found three key pairs: value as follows:
FN_cookie_accept-20180525 = true PHPSESSID = xxx glt_3_xll2BxR_yYFi3JO-E2jFgRoQaeoxAvhqsWzMIY28wrDaB6bzzgDPHHfyC13GNS8H = xxx
I have downloaded the Firefox code injector extension from here. Then I added this script:
document.cookie = "FN_cookie_accept-20180525 = true" document.cookie = PHPSESSID = xxx document.cookie = glt_3_xll2BxR_yYFi3JO-E2jFgRoQaeoxAvhqsWzMIY28wrDaB6bzzgDPHHfyC13GNS8H = xxx
And in the current host of the text field, I've entered the domain name of the websites on which I want cookies to be injected, for example.
xyz.com (without the www).
Then I refreshed the page. Nothing has changed. I did not connect
I made a second attempt by entering the same code but from the browser console when I opened the targeted page and I updated the page thereafter.
Can you help me with a clear method for injecting sniffed cookies?