Honeypot Processors: Cookie Processor

Cookies are used by web applications to maintain state for a given user. They consist of key/value pairs that are passed in HTTP headers and stored client-side. Each key/value pair has various attributes, including the domains it is valid for, the paths within those domains, security restrictions, and expiration information. Because cookies are the primary way for a web application to maintain a session, hackers will often try to manipulate cookie values manually in an effort to escalate access or hijack someone else's session. All of the attacks applicable to modifying form parameters are also applicable to modifying cookie parameters. It is possible, although unlikely, to find an SQL injection flaw in a cookie parameter.

Table 15: Cookie Processor Configuration Parameters

| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Basic | | | |
| Processor Enabled | Boolean | True | Whether to enable this processor for HTTP traffic. |
| Advanced | | | |
| Cookie | String | Cookie | The fake cookie to use. |
| Incident: Cookie Parameter Manipulation | Boolean | True | The user modified the value of a cookie which should never be modified. |
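
The check behind the Cookie Parameter Manipulation incident can be sketched as follows. This is an added example, not the product's own code: the decoy name `acl_role`, the secret, the HMAC-derived value and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Assumptions for this sketch (not product settings): a per-deployment secret
# and a decoy name that looks like a real application cookie.
SECRET = b"constructed-demo-secret"
DECOY_NAME = "acl_role"
INCIDENT = "Cookie Parameter Manipulation"


def decoy_value(session_id: str) -> str:
    """Derive the decoy value from the session so no server-side state is needed."""
    mac = hmac.new(SECRET, session_id.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


def set_cookie_header(session_id: str) -> str:
    """Build the Set-Cookie header value that plants the decoy in a response."""
    jar = SimpleCookie()
    jar[DECOY_NAME] = decoy_value(session_id)
    jar[DECOY_NAME]["path"] = "/"
    jar[DECOY_NAME]["httponly"] = True
    return jar[DECOY_NAME].OutputString()


def inspect_request(session_id: str, cookie_header: str):
    """Return the incident name if the decoy came back altered, else None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if DECOY_NAME not in jar:
        # Absent: the decoy may not have been delivered yet; not a modification.
        return None
    expected = decoy_value(session_id)
    if hmac.compare_digest(jar[DECOY_NAME].value.encode(), expected.encode()):
        return None
    return INCIDENT


if __name__ == "__main__":
    sid = "sess-1001"  # constructed sample session identifier
    good = f"{DECOY_NAME}={decoy_value(sid)}; theme=dark"
    bad = f"{DECOY_NAME}=admin; theme=dark"
    for header in (good, bad, "theme=dark"):
        print(header, "->", inspect_request(sid, header))
```

Because the application never reads or changes the decoy, any value other than the one issued for that session is a high-confidence signal of manual tampering, including a value copied from a different session.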