Cookies are used to maintain session state in the otherwise stateless HTTP protocol

  • Modify the Cookie Content
    Cookie poisoning attacks involve modification of the contents of a cookie (personal information stored in a web user’s computer) in order to bypass security mechanisms
  • Inject the Malicious Content
    Poisoning allows an attacker to inject malicious content, modify the user’s online experience, and obtain unauthorized information
  • Rewriting the Session Data
    A proxy can be used for rewriting the session data, displaying the cookie data, and/or specifying a new user ID or other session identifiers in the cookie