Closed cblack-r7 closed 3 years ago
The Sage X3 web application server (Syracuse) can be identified by a cookie in the format of "syracuse.sid.", making it a pretty simple signature.
The Sage X3 web interface uses a predictable cookie to identify it. This is a heavily deployed ERP product. Some product info:
Match test:
~/src/recog $ printf 'syracuse.sid.8124=8b102bf7-327c-4962-9279-550e72afcaa9; path=/; HttpOnly\n' | ./bin/recog_match xml/http_cookies.xml - MATCH: {"matched"=>"Sage X3 Syracuse Web Server", "cookie"=>nil, "service.vendor"=>"Sage", "service.family"=>"Sage X3 Syracuse Web Server", "service.product"=>"Sage X3 Syracuse Web Server", "service.protocol"=>"http", "fingerprint_db"=>"http_header.cookie", "data"=>"syracuse.sid.8124=8b102bf7-327c-4962-9279-550e72afcaa9; path=/; HttpOnly"}
Happy to run more tests or spin up my test instance again if requested.
@cblack-r7 - Landed, sorry for the delays
Description
The Sage X3 web application server (Syracuse) can be identified by a cookie in the format of "syracuse.sid.", making it a pretty simple signature.
Motivation and Context
The Sage X3 web interface uses a predictable cookie to identify it. This is a heavily deployed ERP product. Some product info:
How Has This Been Tested?
Match test:
Happy to run more tests or spin up my test instance again if requested.
Types of changes
Checklist: