Re: Strange cookies
Dirk,

On Wed, 23 Apr 2008, Dirk Reimers wrote:

Hi all,

[snip]

Do any of you have experience in testing the randomness of cookies? Maybe any tools like n-gram analysis that work with a bunch of numbers?

You may want to try these free tools:

http://portswigger.net/sequencer/
http://lcamtuf.coredump.cx/stompy.tgz
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

Furthermore, most commercial web application testing suites also include their own tool for analyzing the degree of randomness in session tokens, AFAIK.

Some other useful resources on this subject:

http://blog.portswigger.net/2007/10/introducing-burp-sequencer.html
http://seclists.org/bugtraq/2007/Jan/0626.html
http://www.owasp.org/index.php/Testing_for_Session_Management_Schema
http://www.xs4all.nl/~scusi/SessionID-release/www/index.html
https://addons.mozilla.org/it/firefox/addon/573

Hope this helps. Cheers,

--
Marco Ivaldi, OPST
Red Team Coordinator Data Security Division
@ Mediaservice.net Srl http://mediaservice.net/
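The kind of analysis the tools above automate, as an added example that is not from the original thread and not code from any of the linked tools: a small Python script that measures per-position entropy, pooled bigram (n-gram) entropy and counter-like behaviour on a token sample. The token sets are constructed here for illustration (a hex-encoded counter versus output of a seeded PRNG); the names and thresholds are assumptions, not part of any tool.

```python
import math
import random
from collections import Counter

# Constructed sample tokens (not real session IDs). The "weak" set is a hex-encoded
# counter; the "strong" set comes from a seeded PRNG so the run is repeatable.
WEAK_TOKENS = ["%08x" % (0x1000 + i) for i in range(256)]
_rng = random.Random(1234)
STRONG_TOKENS = ["%08x" % _rng.getrandbits(32) for _ in range(256)]


def positional_entropy(tokens):
    """Shannon entropy (bits) of the symbol at each character position across the sample."""
    n = len(tokens)
    width = min(len(t) for t in tokens)
    out = []
    for i in range(width):
        counts = Counter(t[i] for t in tokens)
        out.append(-sum(c / n * math.log2(c / n) for c in counts.values()))
    return out


def ngram_entropy(tokens, n=2):
    """Entropy (bits per n-gram) of the pooled n-gram distribution; low values mean repeated substrings."""
    counts = Counter(t[i:i + n] for t in tokens for i in range(len(t) - n + 1))
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def distinct_deltas(tokens):
    """Number of distinct differences between consecutive tokens read as hex integers.
    A counter-like generator yields one or very few distinct deltas."""
    values = [int(t, 16) for t in tokens]
    return len({b - a for a, b in zip(values, values[1:])})


def assess(tokens):
    """Summarise a token sample. Per-position entropy is bounded by log2(len(tokens)),
    so a small sample understates a good generator rather than overstating it."""
    per_pos = positional_entropy(tokens)
    return {
        "estimated_bits": sum(per_pos),
        "max_observable_bits_per_position": math.log2(len(tokens)),
        "fixed_positions": [i for i, h in enumerate(per_pos) if h == 0.0],
        "bigram_entropy": ngram_entropy(tokens, 2),
        "distinct_deltas": distinct_deltas(tokens),
    }
```

Run `assess()` on a few hundred tokens collected from your own application; positions that never change, a handful of distinct deltas, or an estimated bit count far below the token width are the findings the linked tools would also report.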
