An example of poor web application coding

PREMIUM.PHP

HTTP/1.1 200 OK Date: Sat, 16 Jul 2005 20:15:06 GMT Server: Apache X-Powered-By: PHP/4.3.11 Set-Cookie: premium=0; expires=Mon, 18-Jul-05 00:15:06 GMT Content-Type: text/html Content-Length: 16 var premium = 0;

When called premium.php checks to see if you have paid for a premium account. If you have paid the cookie value premium is set to true and Java script value is also set to true since it is the Java script on the site that does the work if you are a premium subscriber. What you see above is the response to premium.php after being called form the index.php Due to the way the site is coded premium.php seems to be called from every page. Why they are setting the cookie value and not using it I have no idea. So, in order to pretend to be a subscriber it is necessary to check the servers reply and change it before Firefox gets it. I have a proxy running over here so I just set it to modify the returned data. I bet you could use the Greasemonkey Firefox plugin to change it on the fly for you. I'll have to look into that later...