Issue in cookie based tech detection

projectdiscovery / wappalyzergo

A high performance go implementation of Wappalyzer Technology Detection Library

MIT License

698 stars 107 forks source link

Issue in cookie based tech detection #10

Closed stikhun closed 2 years ago

stikhun commented 2 years ago

Sorry for my bad english, using google translate.

defines only if the fingerprint is immediately after Set-Cookie: eg (Set-Cookie:[laravel_session=) but if somewhere in the middle, such as (Set-Cookie:[XSRF-TOKEN=; expires=, ...; ...; path=/ laravel_session=eyJ*;) then no longer defines

example domains: hit4central.com shcherbyna-advocat.com amiguiec.xyz hiom.in puncbimsi.cf suzuki.com.pl

ehsandeep commented 2 years ago

@stikhun this issue is already fixed in the past, here is working example with changed position of the cookie value :- https://go.dev/play/p/2o2eWLGRhN4

There is another possible bug that causing to miss valid tech that needs to explored futher, for example:

echo shcherbyna-advocat.com | httpx -td

results into

http://shcherbyna-advocat.com [Google Font API,Google Tag Manager,Lightbox,LiteSpeed,PHP]

with missing Laravel in output.

stikhun commented 2 years ago

70% of sites have cookies in this format: path=/ laravel_session= https://go.dev/play/p/sQ7ygwFHEnd

ehsandeep commented 2 years ago

I see what you mean, thanks for sharing the additonal info.

ehsandeep commented 2 years ago

@stikhun this is now fixed with https://github.com/projectdiscovery/wappalyzergo/pull/11