As part of an exercise, I need to sniff cookies from a login page and inject them in the same login page. If the cookie injection is successful the user must be login without entering the user name and password.
I sniffed the cookies. I found three key:value pairs as follows:
FN_cookie_accept-20180525=true
PHPSESSID=xxx
glt_3_xll2BxR_xxx=xxx
I downloaded Firefox code injector extension from here. Then I added this script: // Type your JavaScript code here.
document.cookie = "FN_cookie_accept-20180525=true"
document.cookie = PHPSESSID=xxx
document.cookie = glt_3_xll2BxR_xxx=xxx
And in the text field current host, I entered the domain name of the websites where I want the cookies to be injected, e.g. xyz.com
(without the www).
Then I refreshed the page. Nothing changed. I did not get logged in.
I made a second attempt by entering the same code but from the browser console when I opened the targeted page and I refreshed the page after that.
Can you please help me with a clear method for injecting sniffed cookies?