Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Vitaly Osipov (wittiol.ie)
Date: Tue Jul 02 2002 - 15:12:13 CDT
----- Original Message -----
From: "Marty Block" <martykesem.net>
> What I need is to try to figure out what process or program is doing this.
> What kind of tools can i use to watch the incoming/outbound traffic to the
> browser and what can I do at the server to look at the processes which
> be involved.
Cookie is stored by a browser only on direct request of the web server to do
so, that is, client connects to the server (to port 80 I guess), then
receives a reply - headers plus body. One of headers is used to create a
cookie. So the only way a cookie can be introduced is by web server. So
either your whole installation is compromised, or, much more likely, there
is something misconfigured on your IIS.
Simply use netcat/telnet to connect to the server and check the headers