The Cookies mysteries

[lobellin]

Hi everyone!

First I would like to make clear that I am kind of a neophyte, and I'm very glad I found this terrific forum to learn. I hope my topic comes in the right place...

So, here are my questions:

- Is it possible to extend the lifetime of a cookie?
- Is it possible to decypher a remote https-connection through a MiTM attack on a computer using windows (I am pretty aware of everything that exists on Backtrack and other stuffs - but I'm wondering).
-If I have ARP-poisonned a remote computer, and if i Have wireshark running on an host computer, is it a way to decypher the https traffic with a self-signed (and made) certificate? If yes, how do I create such a certificate (on windows again - maybe it could be done through Cain&Abel itself?).
- Is there a way to capture the RSA key used by the remote computer when it is accessing an https encrypted website?

I guess everything I wrote is pretty stupid for you experts, at least you will confirm the fact and i will stop wondering those silly questions (and I apologize for the english, it is not my birth language).

Regards.

[limdis]

Welcome to HTS. No these are really good questions and I'm learning about this myself. So good timing. But I would advise against using windows.

1. Yes you can. Read this.
2. Yes. But again with windows you are limited; Cain and Abel and I've heard of using Etheral.
3. Not sure how to do this on on windows but read over this SSL Strip
4. I'm fairly certain you can but I'm not sure off of the top of my head how to do it. Something I still need to research.

If you decide to switch over to using linux (or backtrack) you and I could talk more in detail about this lol. Also, by all means post some details of what you are learning. We could both help each other out.