HTTP cookies are short blocks of data produced by a web server while a user is accessing a website and stored by the user's web browser on the user's computer or other device. Cookies are installed on the device used to visit a website, and a user's device may get many cookies throughout a session.
If cookies are not adequately protected or authenticated each time a request is made, the result may be a variety of malicious attack scenarios that compromise sensitive data.
Cookie poisoning is the act of altering or fabricating a cookie in order to circumvent security measures or deliver misleading data to a server. An attacker may steal or alter cookie values in order to obtain private information or even impersonate others in order to engage in various unauthorized activities.
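A server-side check that detects the altered or fabricated cookie values described above, as an added example that is not part of Cookie Monster: the cookie value carries an HMAC tag bound to the cookie name, and verification rejects anything that fails it. The key, function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Assumption: a real deployment loads this from a secret store; constructed for the demo.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def b64e(data: bytes) -> str:
    """URL-safe base64 without padding, so the value is cookie-safe."""
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def b64d(text: str) -> bytes:
    """Inverse of b64e; restores the stripped padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compute_tag(name: str, payload: bytes, key: bytes) -> bytes:
    # The cookie name is part of the MAC input, so a value signed for one
    # cookie cannot be replayed under another cookie name.
    return hmac.new(key, name.encode("utf-8") + b"\x00" + payload, hashlib.sha256).digest()


def sign_cookie(name: str, value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'payload.tag' to send in Set-Cookie."""
    payload = value.encode("utf-8")
    return f"{b64e(payload)}.{b64e(compute_tag(name, payload, key))}"


def verify_cookie(name: str, cookie: str, key: bytes = SECRET_KEY):
    """Return the original value, or None if the cookie is malformed or altered."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, compute_tag(name, payload, key)):
            return None
        return payload.decode("utf-8")
    except (ValueError, UnicodeError):
        return None  # wrong part count, bad base64 or bad UTF-8


if __name__ == "__main__":
    issued = sign_cookie("user", "role=user;id=1001")  # constructed sample value
    altered = b64e(b"role=admin;id=1001") + "." + issued.split(".")[1]
    print("issued :", verify_cookie("user", issued))
    print("altered:", verify_cookie("user", altered))
```

Signing only protects integrity: the value is still readable by the client, so secrets do not belong in it.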
Cookie Monster is an automated authentication and cookie/storage modifier for testing different security flaws based on cookie manipulation. The tool is written in Python using Selenium.
Library Dependencies
selenium, time, maskpass, pyfiglet
Usage
Add your own webdriver path here.
driver = webdriver.Firefox(executable_path="")
Change the IDs and tags. Change 'user' to your desired cookie or storage name.
driver.execute_script('''localStorage.removeItem("user");''')
Add your changed cookie or local storage value.
driver.execute_script('''
// Desired changed local storage value.
// localStorage.setItem("user","")
''')