Lookyloo / lookyloo

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
https://www.lookyloo.eu

Cookie investigation #60

Open Rafiot opened 4 years ago

Rafiot commented 4 years ago

Goal

Which URL(s) are reading a specific cookie.

What I want to see

A cookie is set by a URL -> list every URL that read this cookie

Question

Somehow display that on the hostname tree :man_shrugging:

Rafiot commented 4 years ago

Current status:

It allows running a lookup (from the tree) for each cookie to figure out which URL(s) (can be a list) were setting it.

There can be entries in cookies_sent that aren't in cookies_received because cookies can be created in JS (https://www.w3schools.com/js/js_cookies.asp), so they're not in the Set-Cookie HTTP headers.

I'm unsure if it is possible to create a cookie, and then read it without having it sent along with a request (and visible in the HAR), but we should figure that out and scrapy/splash can help with that, thanks to the Lua module: https://github.com/scrapy-plugins/scrapy-splash#session-handling

We will need to instrument something along these lines anyway for the scraping while logged-in feature (https://github.com/CIRCL/lookyloo/issues/45).
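
Added example, not part of the comment above and not Lookyloo's own code: a sketch of the lookup described in this thread, run over a HAR 1.2 structure. It maps each cookie name to the URLs whose responses set it and the URLs whose requests carried it, and flags names that were sent without any Set-Cookie in the capture. The function names, the report keys and the sample HAR are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed HAR 1.2 fragment (not a real capture); only the fields used below.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://site.example/", "cookies": []},
     "response": {"cookies": [{"name": "session", "value": "abc"}]}},
    {"request": {"url": "https://site.example/app.js",
                 "cookies": [{"name": "session", "value": "abc"}]},
     "response": {"cookies": []}},
    {"request": {"url": "https://site.example/api/track",
                 "cookies": [{"name": "session", "value": "abc"},
                             {"name": "_uid", "value": "42"}]},
     "response": {"cookies": []}},
]}}


def index_cookies(har):
    """Return (cookies_received, cookies_sent): cookie name -> ordered URL list.

    Simplification (assumption): cookies are keyed by name only, so two
    domains using the same cookie name would be merged.
    """
    received = defaultdict(list)  # URL whose response carried Set-Cookie
    sent = defaultdict(list)      # URL whose request carried the cookie
    for entry in har["log"]["entries"]:
        url = entry["request"]["url"]
        for bucket, side in ((received, "response"), (sent, "request")):
            for cookie in entry[side].get("cookies", []):
                if url not in bucket[cookie["name"]]:
                    bucket[cookie["name"]].append(url)
    return dict(received), dict(sent)


def cookie_report(har):
    """Per cookie: who set it, who received it, and whether no Set-Cookie was seen."""
    received, sent = index_cookies(har)
    return {
        name: {
            "set_by": received.get(name, []),
            "sent_to": sent.get(name, []),
            # Sent but never set over HTTP in this capture: a candidate for a
            # cookie created in JS (or one present before the capture began).
            "no_set_cookie_seen": name in sent and name not in received,
        }
        for name in sorted(set(received) | set(sent))
    }


if __name__ == "__main__":
    for name, info in cookie_report(SAMPLE_HAR).items():
        print(name, info)
```

A cookie that is created and read purely in JS without ever being attached to a request would not appear in either map, which is the open question raised above.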

stale[bot] commented 3 years ago

Close call! This issue has been marked as stale because it has not had any recent activity. It should be closed if no further activity occurs. Add a comment or push a commit to keep this issue stay alive and kicking. Thank you for your contribution; it is appreciated.