##########################################################################################

       PAS-18: Extract interesting paths from Cookies

##########################################################################################


Issue Type: New Feature 
-----------------------------------------------------------------------------------------

Issue Information
====================

Priority: Major					Status:      Open
Resolution:  Unresolved
Project: PCAP Analysis Script (PAS)


Reported By: btasker					
Assigned To: btasker

Components: 
	- HTTP 
	- Data Correlation and Extraction 

Affected Versions:		
	- 0.1  			


Targeted for fix in version: 
	- 0.1

Labels: Cookies, 

Time Estimate: 45 minutes
Time Logged:   15 minutes


-----------------------------------------------------------------------------------------

Issue Description
==================

PAS-3 introduced a mechanism for locating paths marked as "interesting" within HTTP
requests (including referer) headers.

However, as noted here -
http://projects.bentasker.co.uk/jira_projects/browse/PAS-3.html#comment1298875 - it may
also be possible to extract interesting information from cookie values.

The way in which the pattern matching is performed will need to be slightly different
though, so should probably add an additional option for _config.sh_

Once paths are extracted, they should be added to _interestingdomains-full.csv_ with the
third column being "HTTP Cookie".

As in the LinkedIn example, it might be possible to extract a timestamp of the user
visiting (or technically, leaving) that path, so should look at adding that as a 4th
column

-----------------------------------------------------------------------------------------

Issue Relations
================
	
	- relates to PAS-3: Allow configuration of "interesting" Referrers


-----------------------------------------------------------------------------------------

Activity
==========

	
-----------------------------------------------------------------------------------------
2015-11-27 00:02:21              git
-----------------------------------------------------------------------------------------


-- BEGIN QUOTE --


Repo: PCAPAnalyseandReport
Commit: 183a1728d007e4a666dffc76354c2a801091c0ec
Author: Ben Tasker <github@<Domain Hidden>>

Date: Fri Nov 27 00:01:34 2015 +0000
Commit Message: Implemented extraction of data from Google Analytics cookie. See PAS-18



Modified (-)(+)
-------
PCAP_Analysis.sh



-- END QUOTE --

*Webhook User-Agent*


-- BEGIN SNIPPET --

GitHub-Hookshot/333881f
 -- END SNIPPET --

https://github.com/bentasker/PCAPAnalyseandReport/commit/183a1728d007e4a666dffc76354c2a801091c0ec


	
-----------------------------------------------------------------------------------------
2015-11-27 00:03:07              btasker
-----------------------------------------------------------------------------------------

The script will now pull path's out of any Google Analytics __utmz cookie that has been
observed. Currently the results are added to _interestingdomains-full.csv_ along with a
timestamp of when that cookie was apparently set (or perhaps updated).

Field 2 is set to "GA Cookie" for any it does manage to extract
	
-----------------------------------------------------------------------------------------
2015-11-27 00:03:24              
-----------------------------------------------------------------------------------------

btasker changed timespent from '0 minutes' to '15 minutes'


-----------------------------------------------------------------------------------------

Worklog
========

 
-----------------------------------------------------------------------------------------
2015-11-27 00:03:24              btasker

15 minutes
-----------------------------------------------------------------------------------------

Implementing and testing