This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP Cookies Database"
(Updating list of known cookie names with that of the common express-session for NodeJS and Express apps) |
|||
(15 intermediate revisions by 4 users not shown) | |||
Line 18: | Line 18: | ||
|[http://www.mediawiki.org/wiki/MediaWiki MediaWiki] | |[http://www.mediawiki.org/wiki/MediaWiki MediaWiki] | ||
|1.8 | |1.8 | ||
+ | |Used at http://www.wikipedia.com | ||
+ | |None | ||
==Cookie Database== | ==Cookie Database== | ||
− | {| | + | {|class="wikitable sortable" style="text-align: center;line-height: 8pt" width="100%" |
+ | |- | ||
|Cookie Name | |Cookie Name | ||
|Example Value | |Example Value | ||
Line 29: | Line 32: | ||
|Product Name | |Product Name | ||
|Product Version | |Product Version | ||
+ | |Product Type | ||
+ | |Example Site | ||
+ | |Notes | ||
+ | |||
+ | |- | ||
+ | |JSESSIONID | ||
+ | | | ||
+ | |unknown | ||
+ | |Many | ||
+ | |Many | ||
+ | |Any | ||
+ | |J2EE Application server | ||
+ | |Many | ||
+ | |Many appservers use this cookie including Claudio Resin, [http://jakarta.apache.org/tomcat/ Jakarta Tomcat/JSERV], [http://www.macromedia.com/ Macromedia Jrun] | ||
+ | |||
+ | |- | ||
+ | |ASPSESSIONIDXXXXXXXX | ||
+ | |XXXXXXXXXXXXXXXXXXXXXXXX | ||
+ | |unknown | ||
+ | |[http://www.microsoft.com/ Microsoft] | ||
+ | |[http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/iis/default.mspx Microsoft Internet Information Services] | ||
+ | |5.0 | ||
+ | |Application server | ||
+ | |Many | ||
+ | |Cookie name varies by site | ||
+ | |||
+ | |- | ||
+ | |ASP.NET_SessionId | ||
+ | |0hqed4qelkxvjj153tplacm0 | ||
+ | |unknown | ||
+ | |[http://www.microsoft.com/ Microsoft] | ||
+ | |[http://www.microsoft.com/iis Microsoft Internet Information Services] | ||
+ | |6.0 | ||
+ | |Application server | ||
+ | |Many | ||
+ | |None | ||
+ | |||
+ | |- | ||
+ | |PHPSESSION | ||
+ | | | ||
+ | |unknown | ||
+ | |[http://www.php.net/ The PHP Group] | ||
+ | |[http://www.php.net/ PHP] | ||
+ | |Any | ||
+ | |Web server | ||
+ | |Many | ||
+ | |None | ||
+ | |||
|- | |- | ||
Line 34: | Line 85: | ||
|qfn5s9|14upcs5b29prn7al090 | |qfn5s9|14upcs5b29prn7al090 | ||
|unknown | |unknown | ||
− | |[http://www.mediawiki.org MediaWiki] | + | |[http://www.mediawiki.org/ MediaWiki] |
|[http://www.mediawiki.org/wiki/MediaWiki MediaWiki] | |[http://www.mediawiki.org/wiki/MediaWiki MediaWiki] | ||
|1.8 | |1.8 | ||
+ | |Content Management Server | ||
+ | |http://www.wikipedia.com/ | ||
+ | |None | ||
+ | |||
+ | |||
+ | |- | ||
+ | |WebLogicSession | ||
+ | |(too large too fit here) | ||
+ | |unknown | ||
+ | |[http://www.bea.com/ BEA] | ||
+ | |[http://www.bea.com/framework.jsp?CNT=index.htm&FP=/content/products/weblogic BEA WebLogic] | ||
+ | |Any | ||
+ | |J2EE Application server | ||
+ | |TBD | ||
+ | |None | ||
+ | |||
+ | |- | ||
+ | |BIGipServerxxx_xxx_xxx_PROTO | ||
+ | |2893454590.19741.0000 | ||
+ | |[https://support.f5.com/kb/en-us/solutions/public/6000/900/sol6917.html Overview of BIG-IP persistence cookie encoding] | ||
+ | |[http://www.f5.com/ F5] | ||
+ | |[http://www.f5.com/products/bigip/ F5 BIG-IP] | ||
+ | |Any | ||
+ | |Load balancer | ||
+ | |TBD | ||
+ | |Used to mantain persistence based on original client when balancing to a farm. The cookie name contains the name of the web site being accessed as weel as the protocol used. | ||
+ | |||
+ | |- | ||
+ | |SERVERID | ||
+ | | | ||
+ | |unknown | ||
+ | |[http://haproxy.1wt.eu HAproxy] | ||
+ | |[http://haproxy.1wt.eu HAproxy] | ||
+ | |Any | ||
+ | |Load balancer | ||
+ | |TBD | ||
+ | |More information in the [ http://haproxy.1wt.eu/download/1.2/doc/architecture.txt Architecture documentation] | ||
+ | |||
+ | |- | ||
+ | |SaneID | ||
+ | |A.B.C.D-1018349510644 | ||
+ | |unknown | ||
+ | |[http://www.sane.com/ UNICA corporation] | ||
+ | |[http://www.unica.com/product/product.cfm?pw=untng Unica NetTracker] (formerly SANE NetTracker) | ||
+ | |Any | ||
+ | |Tracking visitors | ||
+ | |http://www.sane.com/ | ||
+ | |A.B.C.D is the IP address of the client accessing the site | ||
+ | |||
+ | |- | ||
+ | |ssuid | ||
+ | |Maxliw00vvM00001fbb6Oxn0wb | ||
+ | |unknown | ||
+ | |[http://www.vignette.com/ Vignette] | ||
+ | |[http://www.vignette.com/ Vignette] | ||
+ | |Any | ||
+ | |Content Manager | ||
+ | |TBD | ||
+ | |None | ||
+ | |||
+ | |- | ||
+ | |vgnvisitor | ||
+ | |Mawd0M00heY0000~fBiFkE0035 | ||
+ | |unknown | ||
+ | |[http://www.vignette.com/ Vignette] | ||
+ | |[http://www.vignette.com/ Vignette] | ||
+ | |Any | ||
+ | |Content Manager | ||
+ | |TBD | ||
+ | |None | ||
+ | |||
+ | |||
+ | |- | ||
+ | |SESSION_ID | ||
+ | |(too large too fit here) | ||
+ | |unknown | ||
+ | |[http://www.ibm.com/ IBM] | ||
+ | |[http://www.ibm.com/ IBM Net.Commerce] | ||
+ | |Any | ||
+ | |Application | ||
+ | |TBD | ||
+ | |None | ||
+ | |||
+ | |||
+ | |- | ||
+ | |NSES40Session | ||
+ | |2%253A3e57d375%253Adc59172283a7e72c | ||
+ | |unknown | ||
+ | |[http://www.redhat.com/ RedHat] | ||
+ | |[http://enterprise.netscape.com/ Netscape Enterprise Server] | ||
+ | |4.0 | ||
+ | |Application Server | ||
+ | |TBD | ||
+ | |None | ||
+ | |||
+ | |||
+ | |- | ||
+ | |iPlanetUserId | ||
+ | |A.B.C.D:29511018555049 | ||
+ | |unknown | ||
+ | |[http://www.sun.com/ Sun] | ||
+ | |iPlanet web server (discontinued, replaced by SunONE web server and later by [http://www.sun.com/software/products/web_srvr/home_web_srvr.xml Java System Application Server]) | ||
+ | |6.x | ||
+ | |Application Server | ||
+ | |TBD | ||
+ | |A.B.C.D is the client's IP address | ||
+ | |||
+ | |- | ||
+ | |gx_session_id_ | ||
+ | |f42d0282513ff402 | ||
+ | |unknown | ||
+ | |[http://www.sun.com/ Sun] | ||
+ | |[http://www.sun.com/software/products/appsrvr/index.xml Java System ApplicationServer]) | ||
+ | |TBD | ||
+ | |Application Server | ||
+ | |TBD | ||
+ | |None. | ||
+ | |||
+ | |- | ||
+ | |JROUTE | ||
+ | |VAyc | ||
+ | |Four characters. | ||
+ | |[http://www.sun.com/ Sun] | ||
+ | |[http://www.sun.com/software/products/appsrvr/index.xml Java System ApplicationServer]) | ||
+ | |http://www.sun.com/ | ||
+ | |Application Server | ||
+ | |TBD | ||
+ | |Used by the load balancing module to determine the server backend. | ||
+ | |||
+ | |- | ||
+ | |RMID | ||
+ | |d442af2b3d1ccf30 | ||
+ | |unknown | ||
+ | |[http://www.real.com/ Real] | ||
+ | |RealMedia OpenAdStream | ||
+ | |6.x | ||
+ | |Media Server | ||
+ | |TBD | ||
+ | |None | ||
+ | |||
+ | |- | ||
+ | |JSESSIONID | ||
+ | |afbx7QRlFZje | ||
+ | |unknown | ||
+ | |TBD | ||
+ | |Claudio Resin | ||
+ | |TBD | ||
+ | |J2EE Application server | ||
+ | |Many | ||
+ | |None | ||
+ | |||
+ | |- | ||
+ | |Apache | ||
+ | |A.B.C.D.265301162333949602 | ||
+ | |unknown | ||
+ | |[http://www.apache.org/ Apache Foundation] | ||
+ | |[http://httpd.apache.org/ Apache web server] | ||
+ | |http://www.paypal.com | ||
+ | |Web server | ||
+ | |Many | ||
+ | |A.B.C.D is the client's IP address | ||
+ | |||
+ | |||
+ | |- | ||
+ | |JSESSIONID | ||
+ | |4ah34a8xo1 | ||
+ | |unknown | ||
+ | |[http://www.apache.org/ Apache Foundation] | ||
+ | |[http://jakarta.apache.org/tomcat/ Jakarta Tomcat/JSERV] | ||
+ | |TBD | ||
+ | |J2EE Application server | ||
+ | |Many | ||
+ | |None | ||
+ | |||
+ | |- | ||
+ | |JSESSIONID | ||
+ | | | ||
+ | |TBD | ||
+ | |[http://www.ibm.org/ IBM] | ||
+ | |[http://www.ibm.com/software/webservers/appserv/was/ IBM WebSphere Application Server] | ||
+ | |TBD | ||
+ | |J2EE Application server | ||
+ | |Many | ||
+ | |None. | ||
+ | |||
+ | |- | ||
+ | |JSESSIONID | ||
+ | | | ||
+ | |TBD | ||
+ | |[http://www.ibm.org/ IBM] | ||
+ | |[http://www.ibm.com/software/webservers/httpservers/ IBM HTTP Server] | ||
+ | |TBD | ||
+ | |Web server | ||
+ | |Many | ||
+ | |When IHS is used as a plugin to WAS it will modify the JSESSIONID and add one value to identify the web server being balanced postfixing its name (as defined in the plugin configuration) | ||
+ | |||
+ | |- | ||
+ | |JSESSIONID | ||
+ | |80302068121025709932681 | ||
+ | |unknown | ||
+ | |[http://www.macromedia.com/ Macromedia] | ||
+ | |[http://www.macromedia.com/ Macromedia Jrun] | ||
+ | |TBD | ||
+ | |J2EE Application server | ||
+ | |Many | ||
+ | |None | ||
+ | |||
+ | |- | ||
+ | |CFID | ||
+ | | | ||
+ | |unknown | ||
+ | |[http://www.macromedia.com/ Macromedia] | ||
+ | |[http://www.macromedia.com/ Coldfusion] | ||
+ | |TBD | ||
+ | |Application server | ||
+ | |Many | ||
+ | |See [http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_17919 KB#17919] and [http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_17915 KB#17915] | ||
+ | |||
+ | |||
+ | |||
+ | |- | ||
+ | |CFTOKEN | ||
+ | | | ||
+ | |unknown | ||
+ | |[http://www.macromedia.com/ Macromedia] | ||
+ | |[http://www.macromedia.com/ Coldfusion] | ||
+ | |TBD | ||
+ | |Application server | ||
+ | |Many | ||
+ | |None | ||
+ | |||
+ | |||
+ | |- | ||
+ | |CFGLOBALS | ||
+ | | | ||
+ | |unknown | ||
+ | |[http://www.macromedia.com/ Macromedia] | ||
+ | |[http://www.macromedia.com/ Coldfusion] | ||
+ | |TBD | ||
+ | |Application server | ||
+ | |Many | ||
+ | |None | ||
+ | |||
+ | |- | ||
+ | |RoxenUserID | ||
+ | |07761bc31df67ae8c4441a89bc7ceed5 | ||
+ | |unknown | ||
+ | |[http://www.roxen.com/ Roxen] | ||
+ | |[http://www.roxen.com/ Roxen Web Server] | ||
+ | |TBD | ||
+ | |Web server | ||
+ | |Many | ||
+ | |None | ||
+ | |||
+ | |||
+ | |- | ||
+ | |JServSessionIdroot | ||
+ | |vvni7vxu8n | ||
+ | |unknown | ||
+ | |[http://www.apache.org/ Apache Foundation] | ||
+ | |[http://java.apache.org/jserv/ ApacheJServ] | ||
+ | |TBD | ||
+ | |Web server | ||
+ | |Many | ||
+ | |None | ||
+ | |||
+ | |||
+ | |- | ||
+ | |sesessionid | ||
+ | |ZJ0DMWIAAA51VQFI50BD0VA | ||
+ | |unknown | ||
+ | |[http://www.ibm.org/ IBM] | ||
+ | |[http://www.ibm.com/software/webservers/appserv/was/ IBM WebSphere Application Server ] | ||
+ | |TBD | ||
+ | |Application server | ||
+ | |Many | ||
+ | |None | ||
+ | |||
+ | |- | ||
+ | |PD-S-SESSION-ID | ||
+ | |2_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | ||
+ | |unknown | ||
+ | |[http://www.ibm.org/ IBM] | ||
+ | |[http://publib.boulder.ibm.com/tividd/td/IBMAccessManagerfore-business6.0.html IBM Tivoli Access Manager WebSeal] (part of the IBM TAM for e-business) | ||
+ | |5.x, 6.x | ||
+ | |Reverse authentication proxy | ||
+ | |Many | ||
+ | |Where 'x' is {[A-Z],[a-z],[0-9],+,-}. The cookie is set as 'Secure' | ||
+ | |||
+ | |- | ||
+ | |PD_STATEFUL_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx | ||
+ | |/LOCATION | ||
+ | |unknown | ||
+ | |[http://www.ibm.org/ IBM] | ||
+ | |[http://publib.boulder.ibm.com/tividd/td/IBMAccessManagerfore-business6.0.html IBM Tivoli Access Manager WebSeal] (part of the IBM TAM for e-business) | ||
+ | |5.x, 6.x | ||
+ | |Reverse authentication proxy | ||
+ | |Many | ||
+ | |This cookie is used when accessing an authenticated area. | ||
+ | |||
+ | |||
+ | |- | ||
+ | |WEBTRENDS_ID | ||
+ | |A.B.C.D-1091519275.658578 | ||
+ | |unknown | ||
+ | |[http://www.webtrends.com/ WebTrends] | ||
+ | |[http://www.webtrends.com/ WebTrends] | ||
+ | |TBD | ||
+ | |Tracking visitors | ||
+ | |Many | ||
+ | |None. | ||
+ | |||
+ | |- | ||
+ | |__utmX | ||
+ | | | ||
+ | |unknown | ||
+ | |[http://www.google.com Google] | ||
+ | |[http://www.google.com/support/urchin45/bin/answer.py?answer=28307&topic=7425 Urchin Tracking Module] | ||
+ | |TBD | ||
+ | |Tracking visitors | ||
+ | |Many | ||
+ | |X can be 'a', 'b', 'c', 'v', 'z' ... | ||
+ | |||
+ | |||
+ | |- | ||
+ | |sc_id | ||
+ | | | ||
+ | |Number? | ||
+ | |[http://www.omniture.com Omniture] | ||
+ | |[http://www.omniture.com Omniture] | ||
+ | |http://2o7.net | ||
+ | |Tracking visitors | ||
+ | |Many | ||
+ | |None. | ||
+ | |||
+ | |- | ||
+ | |s_sq | ||
+ | | | ||
+ | |Number? | ||
+ | |[http://www.omniture.com Omniture] | ||
+ | |[http://www.omniture.com Omniture] | ||
+ | |http://2o7.net | ||
+ | |Tracking visitors | ||
+ | |Many | ||
+ | |None. | ||
+ | |||
+ | |- | ||
+ | |s_sess | ||
+ | | | ||
+ | |Number? | ||
+ | |[http://www.omniture.com Omniture] | ||
+ | |[http://www.omniture.com Omniture] | ||
+ | |http://2o7.net | ||
+ | |Tracking visitors | ||
+ | |Many | ||
+ | |None. | ||
+ | |||
+ | |- | ||
+ | |s_vi_XXXXXX | ||
+ | |[CS]v4|XXXX[CE] | ||
+ | |Number? | ||
+ | |[http://www.omniture.com Omniture] | ||
+ | |[http://www.omniture.com Omniture] | ||
+ | |http://2o7.net | ||
+ | |Tracking visitors | ||
+ | |Many | ||
+ | |The XXX part of the cookie name and content are of variable length. | ||
+ | |||
+ | |- | ||
+ | |MintUnique | ||
+ | |1 | ||
+ | |Number? | ||
+ | |[http://www.shauninman.com/ Shaun Inman] | ||
+ | |[http://haveamint.com/ Mint] | ||
+ | |TBD | ||
+ | |Tracking visitors | ||
+ | |Many | ||
+ | |None. | ||
+ | |||
+ | |- | ||
+ | |MintXXXX | ||
+ | |1 | ||
+ | |Number? | ||
+ | |[http://www.shauninman.com/ Shaun Inman] | ||
+ | |[http://haveamint.com/ Mint] | ||
+ | |TBD | ||
+ | |Tracking visitors | ||
+ | |Many | ||
+ | |None. | ||
+ | |||
+ | |- | ||
+ | |SS_X_CSINTERSESSIONID | ||
+ | |0001P73k2FUEYEU4Ks5TtKxcs2K:vv0b9pej | ||
+ | |unknown | ||
+ | |[http://www.fatwire.com/ FatWire] | ||
+ | |[http://www.fatwire.com/ OpenMarket/FatWire Content Server] | ||
+ | |TBD | ||
+ | |Content server | ||
+ | |Many | ||
+ | |None. | ||
+ | |||
+ | |||
+ | |- | ||
+ | |CSINTERSESSIONID | ||
+ | |0001xquPwAx2NFUFvi7yw-43f35:vv7sdeqs | ||
+ | |unknown | ||
+ | |[http://www.fatwire.com/ FatWire] | ||
+ | |[http://www.fatwire.com/ OpenMarket/FatWire Content Server] | ||
+ | |TBD | ||
+ | |Content server | ||
+ | |Many | ||
+ | |None. | ||
+ | |||
+ | |||
+ | |- | ||
+ | |_sn | ||
+ | |u3YBSdYfaf0oa5H1hz7Tc0ccApc0T1Iz60QWgeSiMEA_ | ||
+ | |unknown | ||
+ | |[http://www.siebel.com/ Siebel] | ||
+ | |[http://www.siebel.com/ Siebel CRM] | ||
+ | |TBD | ||
+ | |Application | ||
+ | |Many | ||
+ | |None. | ||
+ | |||
+ | |||
+ | |- | ||
+ | |BCSI-CSCXXXXXXX | ||
+ | |1 | ||
+ | |Number | ||
+ | |[http://www.bluecoat.com/ Bluecoat] | ||
+ | |[http://www.bluecoat.com/ BlueCoat Proxy] | ||
+ | |TBD | ||
+ | |Proxy | ||
+ | |Many | ||
+ | |None. | ||
+ | |||
+ | |- | ||
+ | |Ltpatoken | ||
+ | | TBD | ||
+ | | Base64 encoding +3DES encryption (ECB mode) using the server's DES password. Contains: TokenHeader[4 BYTES] + HexEncoded((DWORD)TokenCreationDate)[8 BYTES] + hexEncoded((DWORD)TokenExpirationDate)[8 BYTES] + Canonicalized username [variable] + SHA1(TokenHeader + TokenCreation + TokenExpiration + Username+Secret)[20 BYTES]. TokenHeader = First byte reserved, three bytes for secret sequence usage. TokenCreationDate = A number representing the time and date of the token creation. (TokenCreationDate is the number of seconds to elapse since midnight (00:00:00), January 1, 1970) in GMT. TokenExpirationDate = A number representing the time and date of the token expiration. (TokenExpirationDate is the number of seconds to elapse since midnight (00:00:00), January 1, 1970) in GMT | ||
+ | |[http://www.ibm.org/ IBM] | ||
+ | |[http://www.ibm.com/software/webservers/appserv/was/ IBM WebSphere Application Server ] | ||
+ | |5.1 and earlier | ||
+ | |Application server | ||
+ | |TBD | ||
+ | |LTPA (Lightweight Third Party Authentication) is used for Single Sign On. For more information see http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_msso.html for more information on decoding see http://www.penumbra.org/LWCM/forum.nsf/85255e6f0052055e85255d7f005ed8bc/FF6A0D36B80FBA6E85256CC60077C094?OpenDocument | ||
+ | |||
+ | |- | ||
+ | |Ltpatoken2 | ||
+ | | TBD | ||
+ | | TBD | ||
+ | |[http://www.ibm.org/ IBM] | ||
+ | |[http://www.ibm.com/software/webservers/appserv/was/ IBM WebSphere Application Server] | ||
+ | |5.1.1 and later | ||
+ | |Application server | ||
+ | |TBD | ||
+ | |LTPA (Lightweight Third Party Authentication) is used for Single Sign On. For more information see http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_msso.html | ||
+ | |||
+ | |- | ||
+ | |Ltpatoken | ||
+ | | TBD | ||
+ | | Base64 encoded, 3-des encrypted: header:server/userDn % timestamps % rsa-signature. Timestamp is the expiration date (in long). | ||
+ | |[http://www.ibm.org/ IBM] | ||
+ | |[http://www-128.ibm.com/developerworks/lotus Lotus Domino] | ||
+ | |5.0x and later | ||
+ | |Application | ||
+ | |TBD | ||
+ | |LTPA (Lightweight Third Party Authentication) is used for Single Sign On. For more information see http://www.lotus.com/ldd/labscontent.nsf/lookup/session_auth, http://www.ibm.com/developerworks/ibm/library/it-0101art2/ and http://www.lotus.com/ldd/doc/domino_notes/7.0/help7_admin.nsf/Main?OpenFrameSet. The cookie name can be changed (except for 5.0x servers) based on the iNotes_WA_AuthTokenName configuration variable. For more information on decoding see http://www.penumbra.org/LWCM/forum.nsf/85255e6f0052055e85255d7f005ed8bc/FF6A0D36B80FBA6E85256CC60077C094?OpenDocument | ||
+ | |||
+ | |||
+ | |||
+ | |- | ||
+ | |LtpatokenExpiry | ||
+ | |12:00:00+GMT+Today | ||
+ | | String | ||
+ | |[http://www.ibm.org/ IBM] | ||
+ | |[http://www-128.ibm.com/developerworks/lotus Lotus Domino] | ||
+ | |5.0x and later | ||
+ | |Application | ||
+ | |TBD | ||
+ | |None | ||
+ | |||
+ | |- | ||
+ | |LtpatokenUsername | ||
+ | |CN=John+Doe/O=Org | ||
+ | |String | ||
+ | |[http://www.ibm.org/ IBM] | ||
+ | |[http://www-128.ibm.com/developerworks/lotus Lotus Domino] | ||
+ | |5.0x and later | ||
+ | |Application | ||
+ | |TBD | ||
+ | |None | ||
+ | |||
+ | |- | ||
+ | |DomAuthSessID | ||
+ | | TBD | ||
+ | | TBD | ||
+ | |[http://www.ibm.org/ IBM] | ||
+ | |[http://www-128.ibm.com/developerworks/lotus Lotus Domino] | ||
+ | |TBD | ||
+ | |Application | ||
+ | |TBD | ||
+ | |Session-based authentication in a single server, by default, the cookie expires after 30 minutes of inactivity. See http://www.ibm.com/support/docview.wss?uid=swg27003558 | ||
+ | |||
+ | |- | ||
+ | |connect.sid | ||
+ | | | ||
+ | |unknown | ||
+ | |[https://github.com/expressjs/session express-session] | ||
+ | |[http://www.expressjs.com/ ExpressJS] | ||
+ | |Any | ||
+ | |Web application framework | ||
+ | |Many | ||
+ | |None | ||
+ | |||
+ | |- | ||
+ | |Cookie Name | ||
+ | |Example Value | ||
+ | |Cookie Format | ||
+ | |Company Name | ||
+ | |Product Name | ||
+ | |Product Version | ||
+ | |Product Type | ||
+ | |Example Site | ||
+ | |Notes | ||
|} | |} | ||
− | |||
==Volunteers Needed== | ==Volunteers Needed== |
Latest revision as of 21:05, 27 April 2016
Welcome to OWASP Cookies Database Project
OWASP Cookies Database project is aimed to collect and maintain all possible web servers/applications cookie details like cookie name, cookie value and the product name/version which generated the cookies. This database can be used to fingerprint the product name/version by comparing the cookie names and values against the database. This will enhance the accuracy of the application fingerprinting.
The database is ordered as a "reverse-lookup" to facilitate finding technologies in a testing situation. If you need to use the data in another order, we recommend copying the table into a spreadsheet and sorting it according to your needs.
Please help us grow the database by adding the cookies from your technology. To gather the appropriate data, simply go to the webpage in question and type in the following in the URL bar of your browser...
javascript:alert(document.cookie)
Then create an entry in the table below using the following format. If you don't know what product or version are involved, please leave them blank, and perhaps others will be able to help you. Note, you may want to change a few bytes in the example cookie value so that you aren't disclosing a secret cookie value.
|- |wiki18_session |qfn5s9|14upcs5b29prn7al090 |unknown |MediaWiki |MediaWiki |1.8 |Used at http://www.wikipedia.com |None
Cookie Database
Cookie Name | Example Value | Cookie Format | Company Name | Product Name | Product Version | Product Type | Example Site | Notes |
JSESSIONID | unknown | Many | Many | Any | J2EE Application server | Many | Many appservers use this cookie including Claudio Resin, Jakarta Tomcat/JSERV, Macromedia Jrun | |
ASPSESSIONIDXXXXXXXX | XXXXXXXXXXXXXXXXXXXXXXXX | unknown | Microsoft | Microsoft Internet Information Services | 5.0 | Application server | Many | Cookie name varies by site |
ASP.NET_SessionId | 0hqed4qelkxvjj153tplacm0 | unknown | Microsoft | Microsoft Internet Information Services | 6.0 | Application server | Many | None |
PHPSESSION | unknown | The PHP Group | PHP | Any | Web server | Many | None
| |
wiki18_session | 14upcs5b29prn7al090 | unknown | MediaWiki | MediaWiki | 1.8 | Content Management Server | http://www.wikipedia.com/ | None
|
WebLogicSession | (too large too fit here) | unknown | BEA | BEA WebLogic | Any | J2EE Application server | TBD | None |
BIGipServerxxx_xxx_xxx_PROTO | 2893454590.19741.0000 | Overview of BIG-IP persistence cookie encoding | F5 | F5 BIG-IP | Any | Load balancer | TBD | Used to mantain persistence based on original client when balancing to a farm. The cookie name contains the name of the web site being accessed as weel as the protocol used. |
SERVERID | unknown | HAproxy | HAproxy | Any | Load balancer | TBD | More information in the [ http://haproxy.1wt.eu/download/1.2/doc/architecture.txt Architecture documentation] | |
SaneID | A.B.C.D-1018349510644 | unknown | UNICA corporation | Unica NetTracker (formerly SANE NetTracker) | Any | Tracking visitors | http://www.sane.com/ | A.B.C.D is the IP address of the client accessing the site |
ssuid | Maxliw00vvM00001fbb6Oxn0wb | unknown | Vignette | Vignette | Any | Content Manager | TBD | None |
vgnvisitor | Mawd0M00heY0000~fBiFkE0035 | unknown | Vignette | Vignette | Any | Content Manager | TBD | None
|
SESSION_ID | (too large too fit here) | unknown | IBM | IBM Net.Commerce | Any | Application | TBD | None
|
NSES40Session | 2%253A3e57d375%253Adc59172283a7e72c | unknown | RedHat | Netscape Enterprise Server | 4.0 | Application Server | TBD | None
|
iPlanetUserId | A.B.C.D:29511018555049 | unknown | Sun | iPlanet web server (discontinued, replaced by SunONE web server and later by Java System Application Server) | 6.x | Application Server | TBD | A.B.C.D is the client's IP address |
gx_session_id_ | f42d0282513ff402 | unknown | Sun | Java System ApplicationServer) | TBD | Application Server | TBD | None. |
JROUTE | VAyc | Four characters. | Sun | Java System ApplicationServer) | http://www.sun.com/ | Application Server | TBD | Used by the load balancing module to determine the server backend. |
RMID | d442af2b3d1ccf30 | unknown | Real | RealMedia OpenAdStream | 6.x | Media Server | TBD | None |
JSESSIONID | afbx7QRlFZje | unknown | TBD | Claudio Resin | TBD | J2EE Application server | Many | None |
Apache | A.B.C.D.265301162333949602 | unknown | Apache Foundation | Apache web server | http://www.paypal.com | Web server | Many | A.B.C.D is the client's IP address
|
JSESSIONID | 4ah34a8xo1 | unknown | Apache Foundation | Jakarta Tomcat/JSERV | TBD | J2EE Application server | Many | None |
JSESSIONID | TBD | IBM | IBM WebSphere Application Server | TBD | J2EE Application server | Many | None. | |
JSESSIONID | TBD | IBM | IBM HTTP Server | TBD | Web server | Many | When IHS is used as a plugin to WAS it will modify the JSESSIONID and add one value to identify the web server being balanced postfixing its name (as defined in the plugin configuration) | |
JSESSIONID | 80302068121025709932681 | unknown | Macromedia | Macromedia Jrun | TBD | J2EE Application server | Many | None |
CFID | unknown | Macromedia | Coldfusion | TBD | Application server | Many | See KB#17919 and KB#17915
| |
CFTOKEN | unknown | Macromedia | Coldfusion | TBD | Application server | Many | None
| |
CFGLOBALS | unknown | Macromedia | Coldfusion | TBD | Application server | Many | None | |
RoxenUserID | 07761bc31df67ae8c4441a89bc7ceed5 | unknown | Roxen | Roxen Web Server | TBD | Web server | Many | None
|
JServSessionIdroot | vvni7vxu8n | unknown | Apache Foundation | ApacheJServ | TBD | Web server | Many | None
|
sesessionid | ZJ0DMWIAAA51VQFI50BD0VA | unknown | IBM | IBM WebSphere Application Server | TBD | Application server | Many | None |
PD-S-SESSION-ID | 2_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | unknown | IBM | IBM Tivoli Access Manager WebSeal (part of the IBM TAM for e-business) | 5.x, 6.x | Reverse authentication proxy | Many | Where 'x' is {[A-Z],[a-z],[0-9],+,-}. The cookie is set as 'Secure' |
PD_STATEFUL_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx | /LOCATION | unknown | IBM | IBM Tivoli Access Manager WebSeal (part of the IBM TAM for e-business) | 5.x, 6.x | Reverse authentication proxy | Many | This cookie is used when accessing an authenticated area.
|
WEBTRENDS_ID | A.B.C.D-1091519275.658578 | unknown | WebTrends | WebTrends | TBD | Tracking visitors | Many | None. |
__utmX | unknown | Urchin Tracking Module | TBD | Tracking visitors | Many | X can be 'a', 'b', 'c', 'v', 'z' ...
| ||
sc_id | Number? | Omniture | Omniture | http://2o7.net | Tracking visitors | Many | None. | |
s_sq | Number? | Omniture | Omniture | http://2o7.net | Tracking visitors | Many | None. | |
s_sess | Number? | Omniture | Omniture | http://2o7.net | Tracking visitors | Many | None. | |
s_vi_XXXXXX | XXXX[CE] | Number? | Omniture | Omniture | http://2o7.net | Tracking visitors | Many | The XXX part of the cookie name and content are of variable length. |
MintUnique | 1 | Number? | Shaun Inman | Mint | TBD | Tracking visitors | Many | None. |
MintXXXX | 1 | Number? | Shaun Inman | Mint | TBD | Tracking visitors | Many | None. |
SS_X_CSINTERSESSIONID | 0001P73k2FUEYEU4Ks5TtKxcs2K:vv0b9pej | unknown | FatWire | OpenMarket/FatWire Content Server | TBD | Content server | Many | None.
|
CSINTERSESSIONID | 0001xquPwAx2NFUFvi7yw-43f35:vv7sdeqs | unknown | FatWire | OpenMarket/FatWire Content Server | TBD | Content server | Many | None.
|
_sn | u3YBSdYfaf0oa5H1hz7Tc0ccApc0T1Iz60QWgeSiMEA_ | unknown | Siebel | Siebel CRM | TBD | Application | Many | None.
|
BCSI-CSCXXXXXXX | 1 | Number | Bluecoat | BlueCoat Proxy | TBD | Proxy | Many | None. |
Ltpatoken | TBD | Base64 encoding +3DES encryption (ECB mode) using the server's DES password. Contains: TokenHeader[4 BYTES] + HexEncoded((DWORD)TokenCreationDate)[8 BYTES] + hexEncoded((DWORD)TokenExpirationDate)[8 BYTES] + Canonicalized username [variable] + SHA1(TokenHeader + TokenCreation + TokenExpiration + Username+Secret)[20 BYTES]. TokenHeader = First byte reserved, three bytes for secret sequence usage. TokenCreationDate = A number representing the time and date of the token creation. (TokenCreationDate is the number of seconds to elapse since midnight (00:00:00), January 1, 1970) in GMT. TokenExpirationDate = A number representing the time and date of the token expiration. (TokenExpirationDate is the number of seconds to elapse since midnight (00:00:00), January 1, 1970) in GMT | IBM | IBM WebSphere Application Server | 5.1 and earlier | Application server | TBD | LTPA (Lightweight Third Party Authentication) is used for Single Sign On. For more information see http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_msso.html for more information on decoding see http://www.penumbra.org/LWCM/forum.nsf/85255e6f0052055e85255d7f005ed8bc/FF6A0D36B80FBA6E85256CC60077C094?OpenDocument |
Ltpatoken2 | TBD | TBD | IBM | IBM WebSphere Application Server | 5.1.1 and later | Application server | TBD | LTPA (Lightweight Third Party Authentication) is used for Single Sign On. For more information see http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_msso.html |
Ltpatoken | TBD | Base64 encoded, 3-des encrypted: header:server/userDn % timestamps % rsa-signature. Timestamp is the expiration date (in long). | IBM | Lotus Domino | 5.0x and later | Application | TBD | LTPA (Lightweight Third Party Authentication) is used for Single Sign On. For more information see http://www.lotus.com/ldd/labscontent.nsf/lookup/session_auth, http://www.ibm.com/developerworks/ibm/library/it-0101art2/ and http://www.lotus.com/ldd/doc/domino_notes/7.0/help7_admin.nsf/Main?OpenFrameSet. The cookie name can be changed (except for 5.0x servers) based on the iNotes_WA_AuthTokenName configuration variable. For more information on decoding see http://www.penumbra.org/LWCM/forum.nsf/85255e6f0052055e85255d7f005ed8bc/FF6A0D36B80FBA6E85256CC60077C094?OpenDocument
|
LtpatokenExpiry | 12:00:00+GMT+Today | String | IBM | Lotus Domino | 5.0x and later | Application | TBD | None |
LtpatokenUsername | CN=John+Doe/O=Org | String | IBM | Lotus Domino | 5.0x and later | Application | TBD | None |
DomAuthSessID | TBD | TBD | IBM | Lotus Domino | TBD | Application | TBD | Session-based authentication in a single server, by default, the cookie expires after 30 minutes of inactivity. See http://www.ibm.com/support/docview.wss?uid=swg27003558 |
connect.sid | unknown | express-session | ExpressJS | Any | Web application framework | Many | None | |
Cookie Name | Example Value | Cookie Format | Company Name | Product Name | Product Version | Product Type | Example Site | Notes |
Volunteers Needed
If you are interested in participating this project, drop a mail to syedma 'at' microland.net. The sucess of this project depends on more and more number of participants and cookie signatures
This category currently contains no pages or media.