Forum Discussion
Nik_67256
Nimbostratus
Jun 06, 2012ASM Injections
Hello All,
I had 2 Queries on what is injected in the traffic/URI's by ASM or any other manipulation done by it that alters the original state.
1) Is ASM cookie injected in the header of the traffic passing through ASM , irrespective of not
selecting any of these in the policy--> blocking screen
ASM Cookie Hijacking
Expired timestamp
Modified ASM cookie
Modified domain cookie(s)
2) Besides CSRT token i injection (for CSRF protection) and java script injection (for Web Scrapping ) are there any other injections/manipulations happening in the traffic or URI/URLs? If so what are they ?
regards
Nik
- Attack_Signatur
Nimbostratus
The ASM will always inject the TS* cookie, even in transparent. This allows the ASM to track information about individual clients such as their IP address. When a TS* cookie becomes associated with another client from a different IP address then it will suspect a cookie hijacking has taken place.
I have only seen the ASM inject CSRF tokens (when CSRF was turned on) and Web Scraping JavaScript. I have never seen any other manipulations.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects