HTTP
cookies
--resolve
#
# Server-side
HTTP/1.1 301 OK
Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 6
Set-Cookie: SESSIONID=originaltoken; secure
Set-Cookie: second=originaltoken; secure; path=/a
Location: http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER0002
-foo-
HTTP/1.1 301 OK
Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 6
Set-Cookie: SESSIONID=hacker; domain=attack.invalid;
Set-Cookie: second=replacement; path=/a/b
Location: https://attack.invalid:%HTTPSPORT/a/b/%TESTNUMBER0003
-foo-
HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 6
-foo-
#
# Client-side
http
https
HTTPS sec-cookie, HTTP redirect, same name cookie, redirect back
https://attack.invalid:%HTTPSPORT/a/b/%TESTNUMBER -k -c %LOGDIR/cookie%TESTNUMBER --resolve attack.invalid:%HTTPSPORT:%HOSTIP --resolve attack.invalid:%HTTPPORT:%HOSTIP -L
#
# Verify data after the test has been "shot"
GET /a/b/%TESTNUMBER HTTP/1.1
Host: attack.invalid:%HTTPSPORT
User-Agent: curl/%VERSION
Accept: */*
GET /a/b/%TESTNUMBER0002 HTTP/1.1
Host: attack.invalid:%HTTPPORT
User-Agent: curl/%VERSION
Accept: */*
GET /a/b/%TESTNUMBER0003 HTTP/1.1
Host: attack.invalid:%HTTPSPORT
User-Agent: curl/%VERSION
Accept: */*
Cookie: SESSIONID=originaltoken; second=originaltoken