An HTTP cookie is used by an origin website to send state information to a user's browser, and by the browser to return that state information to the origin site. It can also be thought of as a ticket for entering a website, much like a ticket for entering a specific place: a visitor whose ticket has been checked is free to go in and out. For example, once you have logged in to facebook.com, you don't have to enter your login information again in a new tab or window, because your login state has been stored by your browser in an HTTP cookie.
The browser uses HTTP cookies to store information about your session, so a user with stored cookies gets advantages such as:
1. saved login session
2. tracked browsing preferences
3. preferred searches or articles provided by the website
4. any service that can be done by storing browsing state on your computer.
Because it is usually stored in text format on the computer, an HTTP cookie will not contain a virus or harm the computer the way a virus does.
Although they give us these advantages, HTTP cookies may harm us in these ways:
1. Used by spyware to track browsing activities (in a bad way).
2. Used by hackers to gain access to log in to any web service.
How to view cookies
You can view your cookies in Firefox:
1. Tools – Options – Privacy – Remove individual cookies
There you can simply view the cookies stored on your computer and remove them.
2. Firefox plugin – View Cookies
This plugin is easy to use: right-click anywhere on the site, click View Page Info, then click the View Cookies menu.
You can capture cookies with Wireshark. On earlier network infrastructure (hubs, unprotected Wi-Fi), Wireshark can be used to capture the entire network's activity, so cookies can easily be stolen; now it takes more effort to steal or capture network activity.
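As an added example (not part of the original article), here is a small Python check a site owner can run over the Set-Cookie headers their site returns. It flags session cookies that lack the Secure attribute, which lets them travel over plain HTTP where a sniffer on a shared network can read them, or lack HttpOnly. The header strings are constructed samples, and the name hints used to spot session cookies are an assumption.

```python
# Added example: audit Set-Cookie headers for attributes that limit cookie theft.
# All header values are constructed samples, not captured traffic.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/",
    "SID=def456; Path=/; secure; HttpOnly",
    "theme=dark; Path=/; Max-Age=31536000",
    "auth_token=ghi789; Path=/; Secure",
]

# Assumption: substrings that suggest a cookie carries login state.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        return "", "", {}
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs

def audit_cookie(header):
    """Return findings for one header; an empty list means nothing to report."""
    name, _, attrs = parse_set_cookie(header)
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return []  # preference-style cookie, not treated as a login ticket
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: sent over plain HTTP, visible to a sniffer")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by scripts running in the page")
    return findings

def audit_headers(headers):
    """Return [(cookie_name, findings)] for every cookie that has findings."""
    report = []
    for header in headers:
        findings = audit_cookie(header)
        if findings:
            report.append((parse_set_cookie(header)[0], findings))
    return report

if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_HEADERS):
        print(name, "->", "; ".join(findings))
```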
Cookie injection is a method of modifying our own cookies, or injecting cookie information into our own computer/browser. Using this method we can gain access to any browser state on particular sites.
In Firefox, cookie injection can be done with Greasemonkey. Greasemonkey is a plug-in that enables user scripts to be run to modify browsing activity.
These are the steps:
1. Download Greasemonkey
2. Install cookie injector script
3. Open the site you want to inject
4. Alt+C, enter the cookie information into the form
5. You get logged in without entering the login form
source: wikipedia.org, google.com