About expire cookies?

[John Sapiera]

how to modify response with expire cookie using fiddler?

this is the response.

HTTP/1.1 200 OK

Cache-Control: no-cache,private

Pragma: no-cache

Transfer-Encoding: chunked

Content-Type: text/xml; Charset=utf-8

Expires: Fri, 18 Mar 2016 17:40:20 GMT

Server: Microsoft-IIS/7.5

P3P: CP=NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE  CNT STA POL HEA PRE LOC OTC

Set-Cookie: sid=; expires=Fri, 18-Mar-2016 17:41:18 GMT; path=/

Set-Cookie: Auth=; expires=Fri, 18-Mar-2016 17:41:18 GMT; domain=sams.act.edu.ph; path=/

Set-Cookie: ASPSESSIONIDCESBRBBR=BNCDIOBCCGLELPOCGKIJBDKG; secure; path=/

X-Powered-By: ASP.NET

Date: Fri, 18 Mar 2016 17:41:20 GMT

28

<?xml version="1.0" encoding="utf-8"?>

a

<Result>

1d

<ResultCode>1</ResultCode>

9

</Result>

0

[EricLaw]

What do you want to modify, and do you want to do it automatically, or manually?

See e.g. http://www.telerik.com/blogs/breakpoints-in-fiddler

[John Sapiera]

Good day sir Eric,

still can't modify I follow the steps you posted on your blog. still can't modify the request, 

maybe this is the problem.

[EricLaw]

It's not clear what you're trying to accomplish; can you be very specific? 

The header on requests is Cookie, not Set-Cookie, which is a response header. You can modify the request headers, including this one, by setting a Request Breakpoint, or by using the Rules > Customize Rules > OnBeforeRequest method in FiddlerScript.  You can modify the response headers, including this one, by setting a Response Breakpoint, or by using the Rules > Customize Rules > OnBeforeResponse method in FiddlerScript.

[John Sapiera]

good day sis, what specific codes that I input in fiddler script ?

- It's not clear what you're trying to accomplish; can you be very specific?

I want to modify my personal information sir, 

ex.

1
Current Password: True

City: Miami change to Golden State

{

Result =1

}

modified

2

Current Password: false(incorrect)

City: Golden State to Miami

{

Result = -1

}

I want to change my Personal Information if my Result = -1

[Eric Lawrence]

You can do things like, e.g.

  if (oSession.uriContains("whatever.com/pageIcareabout"))

  {

     var sCookie = oSession.oRequest["Cookie"];

     sCookie = sCookie.Replace("Miami", "Golden%20State");

     oSession["Cookie"] = sCookie;

  }

  

[John Sapiera]

Good day sir Eric Lawrence thank you for all your replies also in tweeter I'll appreciate your replies although my problem is not yet done there is last thing I ask about this problem sir, I've got some idea of your tweet

@JohnSapiera So the server chooses to delete the cookie. You can edit that deletion if you like. (c)@ericlaw

about this.

Set-Cookie: sid=; expires=Fri, 18-Mar-2016 17:41:18 GMT; path=/

Set-Cookie: Auth=; expires=Fri, 18-Mar-2016 17:41:18 GMT; domain=sams.act.edu.ph; path=/

after expires=(date/time/GMT) , how to set time like this ^ (autoupdate) this expiration of blank cookie issue by server? I mean what specific codes that I input on fiddlerscript?

waiting your positive response

@johnsapiera

[John Sapiera]

Good day sir Eric Lawrence,

My main concern is to how modify this response and reuse it if I don't know my current password?

• To modify the my personal information is needed to fill up the correct current password and verification code

   and the server give response.(fig 2)

If I reuse this response in AutoResponder and I input wrong password to modify my Personal Information I can't modify it, and  if I reuse the response and input correct current password and change some Personal Information it can't modify also.

Website: https://t.co/dkNRnetFou

Reason for doing this: because I have account to retrieve its been 3 years ago, I still access that account using fiddler and its cookies but I can't login it because I forgot my password.

[Eric Lawrence]

A properly-coded server will NEVER allow you to change your password without first confirming your old password. That's true even if you have a cached login cookie that otherwise provides you access to information about your account. (Cached login cookies *should* eventually time out too, but that's a different issue).

The reason that a properly-coded server demands that you prove you know the old password before setting a new one is to deal with the threat that someone could quickly sit down at your computer and change the password without you knowing; requiring the old password be manually entered also ensures that a cross-site request forgery attack (CSRF) cannot be used to change your password to an attacker's choice.

To reset your password on the website you should contact the support team for that website. Unless the site is seriously buggy, there's nothing you can do in Fiddler to circumvent the server's requirements.