Security Testing: Cookie Testing
What is a cookie?
A cookie is a small piece of data sent by a web server and stored by the web browser so that the browser can send it back on later requests. This is how a browser remembers particular personal information, such as a logged-in session. When an attacker gets hold of the cookie data, it becomes a security concern.
Cookies: Properties
- Cookies are normally small text files, given ID tags, that are stored in the browser's directory on the user's computer.
- Web developers use them to help users navigate their websites effectively and to execute certain functions.
- When the user browses the same website again, the data stored in the cookie is returned to the web server to inform the website of the user's last activity.
- Cookies cannot be avoided for websites that have complex databases, require logins, or offer customizable themes.
- Each cookie records the name of the server it was sent from.
- Each cookie has a lifetime.
- Each cookie carries a value, normally a randomly generated number.
Types of Cookies
- Session cookies: short-term cookies that are deleted as soon as the user closes the web browser. Even if the user logs in again, a new cookie is created for that new session.
- Persistent cookies: these remain on the hard disk until the user removes them or they expire. How long a persistent cookie lives is determined purely by its expiry.
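The properties and types listed above can be read straight off a response's Set-Cookie header: the Domain attribute names the server scope, Max-Age or Expires gives the lifetime (and their absence makes it a session cookie), and the Secure, HttpOnly and SameSite attributes decide how the browser protects the value. The following parser is an added example, not code from the original page; the Set-Cookie headers it is tested with are constructed.

```python
"""Parse Set-Cookie headers, classify cookies as session or persistent, and list
the attributes a tester would flag. Added example; sample headers are constructed."""
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import List, Optional


@dataclass
class CookieInfo:
    name: str
    value: str
    domain: Optional[str] = None
    path: Optional[str] = None
    max_age: Optional[int] = None
    expires: Optional[datetime] = None
    secure: bool = False
    httponly: bool = False
    samesite: Optional[str] = None

    @property
    def persistent(self) -> bool:
        # Max-Age or Expires makes the cookie survive browser close; otherwise it is a session cookie.
        return self.max_age is not None or self.expires is not None


def parse_set_cookie(header: str) -> CookieInfo:
    """Split 'name=value; Attr=val; Flag' into a CookieInfo; unknown attributes are ignored."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    info = CookieInfo(name=name.strip(), value=value.strip())
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain":
            info.domain = val.lstrip(".").lower()   # leading dot is legacy syntax
        elif key == "path":
            info.path = val
        elif key == "max-age":
            try:
                info.max_age = int(val)
            except ValueError:
                pass                                # malformed Max-Age is ignored, as browsers do
        elif key == "expires":
            try:
                dt = parsedate_to_datetime(val)
                info.expires = dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)
            except (TypeError, ValueError):
                pass
        elif key == "secure":
            info.secure = True
        elif key == "httponly":
            info.httponly = True
        elif key == "samesite":
            info.samesite = val.capitalize()
    return info


def findings(c: CookieInfo, now: Optional[datetime] = None) -> List[str]:
    """Tester observations for one cookie; an empty list means nothing to flag."""
    now = now or datetime.now(timezone.utc)
    out = []
    if not c.secure:
        out.append("missing Secure: sent over plain HTTP")
    if not c.httponly:
        out.append("missing HttpOnly: readable by page scripts")
    if c.samesite is None:
        out.append("missing SameSite: sent on cross-site requests")
    if c.max_age is not None and c.max_age <= 0:
        out.append("Max-Age <= 0: browser deletes the cookie immediately")
    if c.expires is not None and c.expires <= now:
        out.append("Expires in the past: browser deletes the cookie immediately")
    return out


if __name__ == "__main__":
    for h in ("sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
              "theme=dark; Domain=.example.com; Max-Age=2592000; Path=/"):
        c = parse_set_cookie(h)
        kind = "persistent" if c.persistent else "session"
        print(f"{c.name}: {kind} cookie, domain={c.domain}, findings={findings(c)}")
```

Run it against the Set-Cookie headers captured from the site under test; a login cookie that turns out to be persistent, or one that lacks Secure and HttpOnly, is the first thing to report.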
Cookie Testing
- Disabling cookies: as a tester, verify access to the website after disabling cookies and check whether the pages still work properly. Navigate to every page of the website and watch for application crashes. The site must also inform the user that cookies are required to use it.
- Corrupting cookies: another test is to tamper with the cookie. Locate the site's cookie and edit it manually with invalid data, then check that the application rejects it cleanly and does not expose internal data from the domain, since such data could in turn be used to attack the site.
- Removing cookies: discard all cookies for the website and test how the website responds.
- Cross-browser compatibility: it is a primary job of every tester to check that cookies are written correctly on all supported browsers, from every page that writes cookies.
- Editing cookies: if the application uses cookies to store login information, the tester must try changing the user in the cookie or the address bar to another valid user. Editing the cookie must not log you in to another user's account.
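The disabling, corrupting, removing and editing checks above can be scripted once the application is reachable from a test harness. The example below is added here and is not code from the original page: it models two toy back ends (a weak one that trusts a plaintext user cookie and a hardened one that only honours an HMAC-signed session cookie), runs the four tampering checks plus a valid-session check against each, and returns a per-check verdict. The secret key, user names and page bodies are constructed for illustration.

```python
"""Cookie-testing harness: disabled, removed, corrupted and edited cookies against a
weak and a hardened toy application. Added example; all values are constructed."""
import hashlib
import hmac
from typing import Callable, Dict, Optional, Tuple

SECRET = b"constructed-demo-key"       # hypothetical server-side secret, never sent to the client
USERS = {"alice": "alice's private page", "bob": "bob's private page"}
Response = Tuple[int, str]             # (HTTP status, response body)


def parse_cookies(header: Optional[str]) -> Dict[str, str]:
    """Minimal Cookie: header parser. None models a browser with cookies disabled."""
    jar: Dict[str, str] = {}
    for part in (header or "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            jar[name] = value
    return jar


def sign(user: str) -> str:
    """Session token = user + '.' + HMAC-SHA256(SECRET, user)."""
    return user + "." + hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()


def verify(token: str) -> Optional[str]:
    """Return the user named by a token only if its HMAC verifies; None otherwise."""
    user, dot, tag = token.rpartition(".")
    if not dot or not user:
        return None
    expected = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(expected, tag) else None


def weak_app(cookie_header: Optional[str]) -> Response:
    """Trusts a plaintext 'user' cookie: editing it switches accounts, garbage crashes it."""
    if cookie_header is None:
        return 200, "please enable cookies to sign in"
    jar = parse_cookies(cookie_header)
    if "user" not in jar:
        return 302, "redirect: /login"
    try:
        return 200, USERS[jar["user"]]
    except KeyError as exc:            # simulated unhandled error leaking internals in the body
        return 500, f"Traceback ... KeyError: {exc}"


def hardened_app(cookie_header: Optional[str]) -> Response:
    """Honours only a 'session' cookie whose HMAC verifies; everything else fails closed."""
    if cookie_header is None:
        return 200, "please enable cookies to sign in"
    user = verify(parse_cookies(cookie_header).get("session", ""))
    if user is None or user not in USERS:
        return 401, "redirect: /login"
    return 200, USERS[user]


def run_checks(app: Callable[[Optional[str]], Response], cookie_name: str,
               valid: str, edited: str) -> Dict[str, Response]:
    """Send each tampered cookie from the list above and collect the responses."""
    return {
        "disabled": app(None),
        "removed": app(""),
        "corrupted": app(f"{cookie_name}=!!corrupt!!"),
        "edited": app(f"{cookie_name}={edited}"),
        "valid": app(f"{cookie_name}={valid}"),
    }


def verdict(results: Dict[str, Response], own_page: str, victim_page: str) -> Dict[str, bool]:
    """One boolean per check; True means the application behaved acceptably."""
    return {
        "disabled": "cookies" in results["disabled"][1],   # user is told cookies are required
        "removed": results["removed"][0] in (302, 401),    # sent back to login, no crash
        "corrupted": results["corrupted"][0] < 500,         # fails closed, no stack trace
        "edited": results["edited"][1] != victim_page,      # no switch into another account
        "valid": results["valid"] == (200, own_page),       # the legitimate session still works
    }


if __name__ == "__main__":
    print("weak:", verdict(run_checks(weak_app, "user", "alice", "bob"), USERS["alice"], USERS["bob"]))
    print("hardened:", verdict(run_checks(hardened_app, "session", sign("alice"), "bob"),
                               USERS["alice"], USERS["bob"]))
```

The weak application fails the corrupted and edited checks: a non-existent user produces a 500 with a traceback in the body, and naming another valid user in the cookie lands on that user's page. The hardened application passes all five because the user name is bound to a server-side secret, so any hand-edited value is rejected before it is looked up.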
How to View/Edit Cookies?
Viewing and editing cookies is well supported by modern browsers themselves. There are also Firefox and Chrome plugins with which the edits can be performed:
- Edit Cookies plugin for Firefox
- Edit This Cookie plugin for Chrome
The steps for editing a cookie are as follows:
- Download the Edit This Cookie plugin for Chrome.
- Edit the cookie value by opening the Edit This Cookie plugin in Chrome, as shown below.