Proxy bypass details in cookies
We are having a bit of an 'issue' with proxy bypass abuse in the college at present, and are looking at ways of dealing with this.
In the short term, we search cookies for words like "Bebo" which in turn uncover those sites which are being used for access.
I have noticed that these sites 'plant' the destination site usernames within cookies, and have proved this out by picking a username out of a cookie, and doing a search for said username on Bebo.
Is it possible that these proxy by-pass sites also plant passwords in cookies, albeit encrypted or hashed in some way?
Is it possible to reveal these passwords?
We are trying a tactic of 'scaring' students to demonstrate that their details are held within cookies and such like, and that these proxy bypass sites are not secure and could easily be 'hijacking' students details for more malicious use. If we could uncover a few passwords within these cookies, we would really have some ammo, and it would be a big bonus to demonstrate to students how unsafe their actions potentially are.
Does anyone know a way of revealing passwords in cookie files, if indeed they are stored within such?
We are of course looking at longer term solutions such as teacher control of computers in classrooms, however, a short term 'shock and awe' tactic would be most welcome!