Cookies Misconfiguration

Common Cookies Misconfiguration

Session Cookie Attributes

HttpOnly: false - Possible to steal cookie with XSS

SameSite: None - CSRF if not anti csrf token

Utiliser les cookies HTTP - HTTP | MDNMDN Web Docs

https://www.ibm.com/docs/fr/sva/10.0.7%3Ftopic%3Dcookies-session-conceptswww.ibm.com

https://cheatsheetseries.owasp.org/cheatsheets/cheatsheetseries.owasp.org

Weak Session ID

SHA1 or MD5 cookies

Weak Session Id ReportOffensive Security Blog

https://docs.datadoghq.com/fr/code_analysis/static_analysis_rules/go-security/import-md5/docs.datadoghq.com

Low Entropy - Randomness

How To Test Cookie / Session ID Randomness Using Burp Suite Sequencer | AmIRootYetAmIRootYet

Getting started with Burp Sequencer - PortSwiggerBurp_Suite

Duplicate cookies set

Duplicate cookies set · Issue #14822 · PrestaShop/PrestaShopGitHub

Duplicate Cookies Setturingsecure

Duplicate cookies setportswigger.net

Name	Description
ASPNET_Viewstate	Checks the viewstate/generator against a list of known machine keys.
Telerik_HashKey	Checks patched (2017+) versions of Telerik UI for a known Telerik.Upload.ConfigurationHashKey
Telerik_EncryptionKey	Checks patched (2017+) versions of Telerik UI for a known Telerik.Web.UI.DialogParametersEncryptionKey
Flask_SignedCookies	Checks for weak Flask cookie signing password. Wrapper for flask-unsign
Peoplesoft_PSToken	Can check a peoplesoft PS_TOKEN for a bad/weak signing password
Django_SignedCookies	Checks django's session cookies (when in signed_cookie mode) for known django secret_key
Rails_SecretKeyBase	Checks Ruby on Rails signed or encrypted session cookies (from multiple major releases) for known secret_key_base
Generic_JWT	Checks JWTs for known HMAC secrets or RSA private keys
Jsf_viewstate	Checks Both Mojarra and Myfaces implimentations of Java Server Faces (JSF) for use of known or weak secret keys
Symfony_SignedURL	Checks symfony "_fragment" urls for known HMAC key. Operates on Full URL, including hash
Express_SignedCookies_ES	Checks express.js express-session middleware for signed cookies and session cookies for known 'session secret'
Express_SignedCookies_CS	Checks express.js cookie-session middleware for signed cookies and session cookies for known secret
Laravel_SignedCookies	Checks 'laravel_session' cookies for known laravel 'APP_KEY'
ASPNET_Vstate	Checks for a once popular custom compressed Viewstate code snippet vulnerable to RCE
Rack2_SignedCookies	Checks Rack 2.x signed cookies for known secret keys
Yii2_SignedCookies	Checks Yii2 framework signed cookies for known cookie validation keys

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more

• Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them

• Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.