Cookies Misconfiguration
Common Cookies Misconfiguration
Session Cookie Attributes

HttpOnly not set - the cookie is readable by script, so an XSS flaw lets an attacker steal it
SameSite=None - the cookie is sent on cross-site requests, so CSRF is possible unless an anti-CSRF token is used
Weak Session ID
Cookie value is a SHA1 or MD5 hash (of guessable input)
Low entropy - insufficient randomness in the session ID

Duplicate cookies set - the same cookie name set more than once in a response

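As an added, constructed example (not code from this page), a small Python audit that applies the checklist above to Set-Cookie headers: missing HttpOnly and Secure, SameSite=None, hash-shaped or low-entropy session values, and duplicate cookie names. The 64-bit entropy threshold and the MD5/SHA1 length heuristic are assumptions.

```python
import math
import re
from collections import Counter

# Hex digest lengths: 32 hex chars is MD5-shaped, 40 is SHA1-shaped (heuristic, assumed)
HASH_SHAPES = {32: "md5_shaped", 40: "sha1_shaped"}
MIN_ENTROPY_BITS = 64  # assumed threshold for a session ID; empirical Shannon estimate

def shannon_bits(value: str) -> float:
    """Empirical Shannon entropy of the string, summed over all its characters."""
    n = len(value)
    counts = Counter(value)
    return -sum(c * math.log2(c / n) for c in counts.values())

def audit_cookie(header: str) -> list:
    """Findings for one Set-Cookie header value; codes follow the checklist above."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {k.strip().lower(): v.strip()
             for k, _, v in (p.partition("=") for p in parts[1:])}
    findings = []
    if "httponly" not in attrs:
        findings.append("no_httponly")          # script-readable if XSS is present
    if "secure" not in attrs:
        findings.append("no_secure")            # also sent over plaintext HTTP
    if attrs.get("samesite", "").lower() == "none":
        findings.append("samesite_none")        # sent cross-site; needs an anti-CSRF token
        if "secure" not in attrs:
            findings.append("samesite_none_insecure")  # browsers reject None without Secure
    if re.fullmatch(r"[0-9a-f]+", value, re.IGNORECASE) and len(value) in HASH_SHAPES:
        findings.append(HASH_SHAPES[len(value)])  # likely a hash, possibly of guessable input
    if shannon_bits(value) < MIN_ENTROPY_BITS:
        findings.append("low_entropy")
    return findings

def audit_response(set_cookie_headers: list) -> list:
    """Audit every Set-Cookie header of one response; flags names set more than once."""
    name_of = lambda h: h.split(";", 1)[0].partition("=")[0].strip()
    counts = Counter(name_of(h) for h in set_cookie_headers)
    report = []
    for h in set_cookie_headers:
        findings = audit_cookie(h)
        if counts[name_of(h)] > 1:
            findings.append("duplicate_name")
        report.append({"name": name_of(h), "findings": findings})
    return report

if __name__ == "__main__":
    # Constructed sample response headers, not captured from any real site
    for entry in audit_response(["session=tok; SameSite=None",
                                 "session=tok2; Path=/",
                                 "sid=0123456789abcdef0123456789abcdef; Secure; HttpOnly; SameSite=Lax"]):
        print(entry["name"], entry["findings"])
```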
ASPNET_Viewstate - Checks the ViewState/generator against a list of known machine keys.
Telerik_HashKey - Checks patched (2017+) versions of Telerik UI for a known Telerik.Upload.ConfigurationHashKey.
Telerik_EncryptionKey - Checks patched (2017+) versions of Telerik UI for a known Telerik.Web.UI.DialogParametersEncryptionKey.
Flask_SignedCookies - Checks for a weak Flask cookie signing password. Wrapper for flask-unsign.
Peoplesoft_PSToken - Checks a PeopleSoft PS_TOKEN for a bad/weak signing password.
Django_SignedCookies - Checks Django's session cookies (when in signed_cookie mode) for a known Django secret_key.
Rails_SecretKeyBase - Checks Ruby on Rails signed or encrypted session cookies (from multiple major releases) for a known secret_key_base.
Generic_JWT - Checks JWTs for known HMAC secrets or RSA private keys.
Jsf_viewstate - Checks both the Mojarra and MyFaces implementations of Java Server Faces (JSF) for use of known or weak secret keys.
Symfony_SignedURL - Checks Symfony "_fragment" URLs for a known HMAC key. Operates on the full URL, including the hash.
Express_SignedCookies_ES - Checks Express.js express-session middleware signed cookies and session cookies for a known 'session secret'.
Express_SignedCookies_CS - Checks Express.js cookie-session middleware signed cookies and session cookies for a known secret.
Laravel_SignedCookies - Checks 'laravel_session' cookies for a known Laravel 'APP_KEY'.
ASPNET_Vstate - Checks for a once popular custom compressed ViewState code snippet vulnerable to RCE.
Rack2_SignedCookies - Checks Rack 2.x signed cookies for known secret keys.
Yii2_SignedCookies - Checks Yii2 framework signed cookies for known cookie validation keys.
Interesting Books
The Web Application Hacker’s Handbook - The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more.
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities - Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them.
Real-World Bug Hunting: A Field Guide to Web Hacking - Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.
Support this Gitbook
I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.