Forum Discussion

Nimbostratus

Jun 06, 2012

ASM Injections

Hello All, I had 2 Queries on what is injected in the traffic/URI's by ASM or any other manipulation done by it that alters the original state. 1) Is ASM cookie injected in ...

management

monitoring

Attack_Signatur

Nimbostratus

Jun 09, 2014

The ASM will always inject the TS* cookie, even in transparent. This allows the ASM to track information about individual clients such as their IP address. When a TS* cookie becomes associated with another client from a different IP address then it will suspect a cookie hijacking has taken place.

I have only seen the ASM inject CSRF tokens (when CSRF was turned on) and Web Scraping JavaScript. I have never seen any other manipulations.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)