#!/usr/bin/perl
use LWP::UserAgent;
use HTTP::Cookies;
use HTTP::Request::Common;

$URL       = "https://www.example.com/w/signup.php";
$UA        = LWP::UserAgent->new();
$myCookies = HTTP::Cookies->new(
    file           => "cookies.txt",
    autosave       => 1,
    ignore_discard => 1,
);
$UA->cookie_jar($myCookies);

# Find a particular cookie from a particular domain. Uses an external
# namespace ($find::) to get the key, path, and domain to search for.
# Puts found cookie into array @find::cookie.
sub findCookie {
    my (
        $version,   $key,    $val,     $path,    $domain, $port,
        $path_spec, $secure, $expires, $discard, $rest
    ) = @_;

    if (    ( $domain eq $find::domain )
        and ( $path eq $find::path )
        and ( $key  eq $find::key ) )
    {
        print "$version, $key, $val, $path, $domain, $expires\n";
        @find::cookie = @_;
    }
}

# Our Malicious Cookie: Contains a known session ID.
my $version = 0;
my $key     = "session_id";
my $val     = "1234567890abcdef";
my $path    = "/";
my $domain  = "example.com";
my $expires = "123412345";

# Add the malicious cookie to our jar. Fields we don't care
# about are undefined.
$myCookies->set_cookie(
    $version, $key,  $val,     $path, $domain, undef,
    undef,    undef, $expires, undef, undef
);

$req = HTTP::Request->new( GET => $URL );
$UA->prepare_request($req);
$resp = $UA->request($req);

$find::domain = "example.com";
$find::path   = "/";
$find::key    = "session_id";

# See if we have any cookies for that site, path, and key.
$myCookies->scan( \&findCookie );
if (    ( $domain eq $find::cookie[4] )
    and ( $path   eq $find::cookie[3] )
    and ( $key    eq $find::cookie[1] ) )
{
	# We have one. See if it contains our value.
    if ( $val eq $find::cookie[2] ) {
        print "Test failed: cookie returned was ours.\n";
    } else {
        print "Test passed: cookie returned was new.\n";
    }
} else {
    print "Test script failure: no matching cookie found.\n";
}