Honeypot Processors: Cookie Processor
Cookies are used by web applications to maintain state for a given user. They consist of key/value pairs that are passed in HTTP headers and stored client-side. Each key/value pair has attributes that specify the domains it is valid for, the paths within those domains, security restrictions, and expiration information. Because cookies are the primary way for a web application to maintain a session, hackers will often try to manipulate cookie values manually in an effort to escalate access or hijack someone else's session. All of the attacks applicable to modifying form parameters are also applicable to modifying cookie parameters. It may even be possible, although unlikely, to find an SQL injection flaw in a cookie parameter.
Table 1: Cookie Processor Configuration Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Basic | | | |
Processor Enabled | Boolean | True | Whether or not to enable this processor for HTTP traffic. |
Advanced | | | |
Cookie | String | Cookie | The fake cookie to use. |
Incident: Cookie Parameter Manipulation | Boolean | True | The user modified the value of a cookie which should never be modified. |
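
The following sketch shows how a fake-cookie check of the kind configured above can work. It is an added example, not the product's implementation. The cookie name `session_flags`, the secret, the HMAC-derived value and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: per-deployment secret
DECOY_NAME = "session_flags"       # assumption: constructed decoy cookie name
INCIDENT = "Cookie Parameter Manipulation"


def decoy_value(session_id: str) -> str:
    """Value the decoy must carry for this session; no server-side storage."""
    mac = hmac.new(SECRET, session_id.encode(), hashlib.sha256)
    return mac.hexdigest()[:32]


def issue_decoy(session_id: str) -> str:
    """Set-Cookie header value that plants the decoy next to the real cookies."""
    return f"{DECOY_NAME}={decoy_value(session_id)}; Path=/; HttpOnly"


def decoy_values_in(cookie_header: str) -> list:
    """Every value sent under the decoy name (a client may send duplicates)."""
    found = []
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name == DECOY_NAME:
            found.append(value.strip('"'))
    return found


def check_request(session_id: str, cookie_header: str):
    """Return an incident dict if any decoy value was altered, else None."""
    expected = decoy_value(session_id).encode()
    for value in decoy_values_in(cookie_header or ""):
        # Compare as bytes: compare_digest rejects non-ASCII str input.
        if not hmac.compare_digest(value.encode("utf-8", "replace"), expected):
            return {"incident": INCIDENT, "cookie": DECOY_NAME,
                    "observed": value[:64]}
    return None   # decoy intact, or absent (client without cookies)


if __name__ == "__main__":
    sid = "sess-1234"                                   # constructed session id
    intact = f"theme=dark; {DECOY_NAME}={decoy_value(sid)}"
    print(check_request(sid, intact))                   # unmodified decoy
    print(check_request(sid, f"{DECOY_NAME}=admin"))    # edited decoy
```

Because the application never reads the decoy, a legitimate client has no reason to send anything other than the issued value, so a mismatch is a high-confidence signal. Binding the value to the session also flags a decoy copied from another session.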