
Problem this snippet solves:

The TokenChpoken attack affects PeopleSoft systems that use Single Sign-On (SSO). It is possible because the PS_TOKEN authentication cookie issued by PeopleSoft applications can be forged: the token's signature is a SHA-1 hash over fields that include the SSO node password, so an attacker who captures one token can brute-force a weak node password offline and then mint a valid token for any user.

The PS_TOKEN cookie is generated when a user first signs in to a PeopleSoft application. When the user then accesses another server in the same SSO domain, the browser sends this cookie so that the user does not have to enter credentials again. The iRule on this page closes the gap at the BIG-IP: PS_TOKEN is encrypted as it leaves the virtual server and decrypted on the way back in, so the browser only ever holds ciphertext, and a forged plaintext token presented directly fails to decrypt and is removed before the request reaches PeopleSoft.

The complete description of the attack can be found here:

How to use this snippet:

Insert the code example into the Virtual Server that publishes the PeopleSoft application, and set your own passphrase before publishing. Because any PS_TOKEN that does not decrypt is removed, sessions established before the iRule was applied are forced to sign in again, and every path to the PeopleSoft servers must go through this virtual server for the protection to hold.

External links

Github :

Code :

when RULE_INIT {
  # static:: variables are visible from every event; a plain "set" in RULE_INIT is not
  set static::cookieToken "PS_TOKEN"
  # to be changed prior to any publishing
  set static::passphrase "hEuoYjmFUpB4PcpO3bUdQtLP4ic7jjm"
}
when HTTP_RESPONSE {
  # Encrypt PS_TOKEN in the Set-Cookie header so the browser only ever holds ciphertext
  if { [HTTP::cookie exists $static::cookieToken] } {
    HTTP::cookie encrypt $static::cookieToken $static::passphrase
  }
}
when HTTP_REQUEST {
  if { [HTTP::cookie exists $static::cookieToken] } {
    set decrypted [HTTP::cookie decrypt $static::cookieToken $static::passphrase]
    if { ($decrypted eq "") } {
      # Cookie wasn't encrypted with our passphrase (forged or stale), delete it
      HTTP::cookie remove $static::cookieToken
    }
  }
}
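To make the request/response logic concrete, the following is an added Python model of the same two hooks. It is not the iRule above and not F5 or PeopleSoft code. BIG-IP's HTTP::cookie encrypt/decrypt is stood in for by an encrypt-then-MAC construction built from the standard library (an HMAC-SHA256 counter-mode keystream plus an HMAC-SHA256 tag over nonce and ciphertext); the hypothetical on_response and on_request functions mirror HTTP_RESPONSE and HTTP_REQUEST, unseal() returns an empty string on any failure just as HTTP::cookie decrypt does, and the backend token value and cookie headers are constructed sample data.

```python
# Added model of the PS_TOKEN wrapping performed by the iRule; not F5 or PeopleSoft code.
# HTTP::cookie encrypt/decrypt is replaced by HMAC-SHA256 counter-mode keystream + HMAC tag.
import base64
import binascii
import hashlib
import hmac
import os

COOKIE_NAME = "PS_TOKEN"
NONCE_LEN = 16
TAG_LEN = 32
# Placeholder passphrase from the page; a deployment must use its own random value.
PASSPHRASE = "hEuoYjmFUpB4PcpO3bUdQtLP4ic7jjm"
# Constructed stand-in for the opaque token PeopleSoft issues; not a real PS_TOKEN.
BACKEND_TOKEN = "constructed-opaque-peoplesoft-session-token"

def _subkey(passphrase: str, label: bytes) -> bytes:
    # Separate keystream and tag keys derived from one high-entropy passphrase.
    return hmac.new(passphrase.encode(), label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: concatenate PRF(nonce || counter) blocks.
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def _xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def seal(value: str, passphrase: str, nonce=None) -> str:
    """Wrap a cookie value so the browser only ever holds base64(nonce || ciphertext || tag)."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    ciphertext = _xor(value.encode(), _subkey(passphrase, b"enc"), nonce)
    tag = hmac.new(_subkey(passphrase, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ciphertext + tag).decode()

def unseal(token: str, passphrase: str) -> str:
    """Return the original value, or "" if not sealed under this passphrase (like HTTP::cookie decrypt)."""
    try:
        blob = base64.urlsafe_b64decode(token)
    except (binascii.Error, ValueError):
        return ""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return ""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(passphrase, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time tag check before decrypting
        return ""
    return _xor(ciphertext, _subkey(passphrase, b"enc"), nonce).decode(errors="replace")

def on_response(set_cookie: str, passphrase: str) -> str:
    """HTTP_RESPONSE hook: seal PS_TOKEN in a Set-Cookie header, leaving its attributes intact."""
    name_value, sep, attrs = set_cookie.partition(";")
    name, _, value = name_value.strip().partition("=")
    if name != COOKIE_NAME:
        return set_cookie
    return f"{name}={seal(value, passphrase)}{sep}{attrs}"

def on_request(cookie_header: str, passphrase: str) -> tuple:
    """HTTP_REQUEST hook: unseal PS_TOKEN for the backend; drop it if it does not unseal."""
    kept, verdict = [], None  # verdict is "passed", "removed", or None when PS_TOKEN is absent
    for part in cookie_header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")  # split on the first '=' only so base64 padding survives
        if name != COOKIE_NAME:
            kept.append(part)
            continue
        plain = unseal(value, passphrase)
        if plain == "":
            verdict = "removed"  # forged or pre-deployment plaintext token: PeopleSoft never sees it
            continue
        kept.append(f"{name}={plain}")
        verdict = "passed"
    return "; ".join(kept), verdict

def demo() -> dict:
    # Legitimate flow: PeopleSoft sets PS_TOKEN, the proxy seals it, the browser returns it.
    sealed_header = on_response(f"{COOKIE_NAME}={BACKEND_TOKEN}; Path=/; HttpOnly", PASSPHRASE)
    sealed_value = sealed_header.split(";")[0].split("=", 1)[1]
    legit_forwarded, legit_verdict = on_request(f"{COOKIE_NAME}={sealed_value}; other=1", PASSPHRASE)
    # TokenChpoken flow: the attacker presents a forged plaintext PS_TOKEN directly to the proxy.
    forged_forwarded, forged_verdict = on_request(f"{COOKIE_NAME}={BACKEND_TOKEN}", PASSPHRASE)
    return {
        "sealed_header": sealed_header,
        "legit_forwarded": legit_forwarded, "legit_verdict": legit_verdict,
        "forged_forwarded": forged_forwarded, "forged_verdict": forged_verdict,
    }

if __name__ == "__main__":
    print(demo())
```

The model makes the two properties of the iRule visible: a client that went through the virtual server gets its sealed cookie unwrapped transparently, while a PS_TOKEN minted elsewhere, or one issued before the rule was applied, is stripped rather than forwarded. The tag is checked before anything is decrypted, so a tampered or wrong-passphrase token never produces output that the backend could interpret.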

Version history
Last update: 03-Jun-2016 12:49