From: Javier Fernandez-Sanguino (jfernandez@germinus.com)
Date: Fri Jan 20 2006 - 07:03:34 EST
Ramon Pinuaga Cascales wrote:
> Hi offset,
>
> I've compiled a document called "cookie_figerprinting".
> I put here the cookies I usually found working.
Interesting. Here's a patch adding some more cookies and also some
additional references.
Javier
--- cookie_fingerprinting.orig.txt 2006-01-20 10:54:20.515625000 +0100
+++ cookie_fingerprinting.txt 2006-01-20 13:01:18.046875000 +0100
@@ -27,8 +27,18 @@
Microsoft IIS (www.microsoft.com)
-------------
+Format:
+Set-Cookie: ASPSESSIONIDXXXXXXXX=XXXXXXXXXXXXXXXXXXXXXXXX; path=/
+where 'X' is a upper case letter
+
+Sample:
Set-Cookie: ASPSESSIONIDGQQGQYDC=KDGFBFGBLPNCMIIELPAINNJH; path=/
+Microsoft ASP.Net (www.microsoft.com)
+-----------------
+
+Set-Cookie: ASP.NET_SessionId=0hqed4qelkxvjj153tplacm0; path=/
+
IBM Net.Commerce (www.ibm.com)
----------------
@@ -86,9 +96,15 @@
IBM Tivoli Policy Director WebSeal (www.ibm.com)
----------------------------------
+Format:
+Set-Cookie: PD-S-SESSION-ID=2_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; Path=/; Secure
+where 'x' is {[A-Z],[a-z],[0-9],+,-}
+Example:
Set-Cookie: PD-S-SESSION-ID=2_L7kl8vzZ9b8LMEwpm0PgqqQRIh2ZZakRamBlgvMXqIIAABDZ; Path=/; Secure
+When accessing a stateful sesion:
+Set-Cookie: PD_STATEFUL_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx=/LOCATION; Path=/
WEBTRENDS ()
---------
@@ -96,8 +112,8 @@
Set-Cookie: WEBTRENDS_ID=223.53.123.13-1091519275.658578; expires=Fri, 31-Dec-2010 00:00:00 GMT; path=/
-IBM WebSphere ()
--------------
+IBM WebSphere Application Server ()
+---------------------------------
Set-Cookie: sesessionid=ZJ0DMWIAAA51VQFI50BD0VA;Path=/
@@ -120,3 +136,25 @@
Set-Cookie: _sn=u3YBSdYfaf0oa5H1hz7Tc0ccApc0T1Iz60QWgeSiMEA_; Version=1; Path=/
+BlueCoat Proxy (www.bluecoat.com)
+--------------------------
+
+Set-Cookie: BCSI-CSC2B35314=1; Path=/
+
+Coldfusion (www.macromedia.com
+----------
+
+CFID, CFTOKEN, and CFGLOBALS
+
+More info at
+http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_17919
+http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_17915
+
+Urchin Tracking Module
+----------------------
+
+__utmz
+__utma
+
+More info at:
+http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:23 EDT