ghostwords
commented
10 months ago Hello! Right now the list mostly consists of a bunch of language codes. What made you consider adding country codes?
Closed colleirose closed 6 months ago
ghostwords
commented
10 months ago Hello! Right now the list mostly consists of a bunch of language codes. What made you consider adding country codes?
colleirose
commented
10 months ago Well, many websites ask you to input your country, for example so that it can show you the version of the site for your area or something like that. A country code alone isn't enough to identify someone and there can be legitimate reasons for collecting it similarly to languages
ghostwords
commented
10 months ago I see, thank you. Was there a specific website or websites that made you think of this?
colleirose
commented
10 months ago Yes, I've remembered running into country codes in cookie values before but I don't know how often this is, the most recent one would be a website I found when doing a reverse image search in a CTF and clicking a website in the results and thinking to check the cookie values out of curiosity (I don't remember the name of the site but I can try to find it again when I have more free time), it seems like something that most websites would do but I don't know for sure, I'm unsure how to test a hypothesis like this because I don't have a tool to scan the Internet for common cookies or something to that effect
Adds ISO-3166 country codes to the low entropy cookie values