PAS-18: Extract interesting paths from Cookies

Issue Information

Issue Type: New Feature
Priority: Major
Status: Open

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PCAP Analysis Script (PAS)
Resolution: Unresolved
Affects Version: 0.1,
Target version: 0.1,
Labels: Cookies,

Created: 2015-11-26 18:18:17
Time Spent Working
60 minutes
45 minutes
15 minutes

PAS-3 introduced a mechanism for locating paths marked as "interesting" within HTTP requests (including referer) headers.

However, as noted here - - it may also be possible to extract interesting information from cookie values.

The way in which the pattern matching is performed will need to be slightly different though, so should probably add an additional option for

Once paths are extracted, they should be added to interestingdomains-full.csv with the third column being "HTTP Cookie".

As in the LinkedIn example, it might be possible to extract a timestamp of the user visiting (or technically, leaving) that path, so should look at adding that as a 4th column

Issue Links

Toggle State Changes


Repo: PCAPAnalyseandReport
Commit: 183a1728d007e4a666dffc76354c2a801091c0ec
Author: Ben Tasker <github@<Domain Hidden>>

Date: Fri Nov 27 00:01:34 2015 +0000
Commit Message: Implemented extraction of data from Google Analytics cookie. See PAS-18

Modified (-)(+)

Webhook User-Agent


View Commit

The script will now pull path's out of any Google Analytics _utmz cookie that has been observed. Currently the results are added to _interestingdomains-full.csv along with a timestamp of when that cookie was apparently set (or perhaps updated).

Field 2 is set to "GA Cookie" for any it does manage to extract
btasker changed timespent from '0 minutes' to '15 minutes'

Work log

Ben Tasker
2015-11-27 00:03:24

Time Spent: 15 minutes
Log Entry: Implementing and testing