Penetration Testing mailing list archives
Re: common cookie db?
From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Fri, 20 Jan 2006 13:03:34 +0100
Ramon Pinuaga Cascales wrote:
> Hi offset, I've compiled a document called "cookie_fingerprinting". I put here the cookies I usually found working.
Interesting. Here's a patch adding some more cookies and also some additional references.
Javier
--- cookie_fingerprinting.orig.txt 2006-01-20 10:54:20.515625000 +0100 +++ cookie_fingerprinting.txt 2006-01-20 13:01:18.046875000 +0100 @@ -27,8 +27,18 @@ Microsoft IIS (www.microsoft.com) ------------- +Format: +Set-Cookie: ASPSESSIONIDXXXXXXXX=XXXXXXXXXXXXXXXXXXXXXXXX; path=/ +where 'X' is a upper case letter + +Sample: Set-Cookie: ASPSESSIONIDGQQGQYDC=KDGFBFGBLPNCMIIELPAINNJH; path=/ +Microsoft ASP.Net (www.microsoft.com) +----------------- + +Set-Cookie: ASP.NET_SessionId=0hqed4qelkxvjj153tplacm0; path=/ + IBM Net.Commerce (www.ibm.com) ---------------- @@ -86,9 +96,15 @@ IBM Tivoli Policy Director WebSeal (www.ibm.com) ---------------------------------- +Format: +Set-Cookie: PD-S-SESSION-ID=2_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; Path=/; Secure +where 'x' is {[A-Z],[a-z],[0-9],+,-} +Example: Set-Cookie: PD-S-SESSION-ID=2_L7kl8vzZ9b8LMEwpm0PgqqQRIh2ZZakRamBlgvMXqIIAABDZ; Path=/; Secure +When accessing a stateful sesion: +Set-Cookie: PD_STATEFUL_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx=/LOCATION; Path=/ WEBTRENDS () --------- @@ -96,8 +112,8 @@ Set-Cookie: WEBTRENDS_ID=223.53.123.13-1091519275.658578; expires=Fri, 31-Dec-2010 00:00:00 GMT; path=/ -IBM WebSphere () -------------- +IBM WebSphere Application Server () +--------------------------------- Set-Cookie: sesessionid=ZJ0DMWIAAA51VQFI50BD0VA;Path=/ @@ -120,3 +136,25 @@ Set-Cookie: _sn=u3YBSdYfaf0oa5H1hz7Tc0ccApc0T1Iz60QWgeSiMEA_; Version=1; Path=/ +BlueCoat Proxy (www.bluecoat.com) +-------------------------- + +Set-Cookie: BCSI-CSC2B35314=1; Path=/ + +Coldfusion (www.macromedia.com +---------- + +CFID, CFTOKEN, and CFGLOBALS + +More info at +http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_17919 +http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_17915 + +Urchin Tracking Module +---------------------- + +__utmz +__utma + +More info at: +http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425
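Review bot: In the first hunk (@@ -27,8 +27,18 @@), the new Microsoft ASP.Net entry gives only a sample cookie and no Format line, unlike the IIS entry added just above it. Consider adding a Format line for ASP.NET_SessionId that states the value's length and character set (the sample value is 24 lower-case letters and digits), so the entry can be matched as a pattern rather than by eye. Also, "a upper case letter" should read "an upper-case letter", and the label "Sample:" used here differs from "Example:" in the WebSeal hunk; pick one.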
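Review bot: In the WebSeal hunk (@@ -86,9 +96,15 @@), the legend "where 'x' is {[A-Z],[a-z],[0-9],+,-}" is given for PD-S-SESSION-ID, but the PD_STATEFUL_ pattern reuses 'x' without saying whether the same alphabet applies, and /LOCATION is not explained. Suggest adding a legend line under the PD_STATEFUL_ format and a short note on what /LOCATION stands for. "sesion" should be "session".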
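Review bot: In the WebSphere hunk (@@ -96,8 +112,8 @@), the renamed heading "IBM WebSphere Application Server ()" still has empty parentheses where the other entries carry the vendor site. The other IBM entries touched by this patch use (www.ibm.com); fill it in here while the line is being changed.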
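Review bot: In the last hunk (@@ -120,3 +136,25 @@), the heading "Coldfusion (www.macromedia.com" is missing its closing parenthesis, and the Coldfusion and Urchin entries list only cookie names (CFID, CFTOKEN, CFGLOBALS, __utmz, __utma) with no Set-Cookie sample or Format line, unlike the other entries in this patch. Suggest adding at least one sample header or a Format line per cookie so the entries can be used for matching. The Urchin Tracking Module heading also lacks the vendor-site parentheses that the other headings have.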