From: Michael Sutton (msuttoniDefense.com)
Date: Tue Jul 02 2002 - 15:35:51 CDT

    For the browser, try the following:

    Sessions Auditor - www.idefense.com/idtools/Session_Auditor.zip
    WebSleuth - www.geocities.com/dzzie/sleuth
    WebProxy - www.atstake.com/research/tools/index.html
    HTTPush - httpush.sourceforge.net
    Achilles - www.digizen-security.com/downloads.html
    MiniBrowser - aignes.com/download.htm

    -----Original Message-----
    From: Marty Block [mailto:martykesem.net]
    Sent: Tuesday, July 02, 2002 2:11 PM
    To: webappsecsecurityfocus.com
    Subject: Help finding a cookie generator

    Hi
    We're a coldfusion/iis/win2k shop that has recently discovered our server is
    placing cookies on visitors' browsers. The signature of the cookie starts
    with EGSOFT. We contacted them and the rest of the signature does not
    resemble "one of theirs".

    We're left with the conclusion that even with firewall, lots of iis and
    win2k config and lockdown, we got some kind of worm.

    What I need is to try to figure out what process or program is doing this.
    What kind of tools can i use to watch the incoming/outbound traffic to the
    browser and what can I do at the server to look at the processes which might
    be involved.

    Thanks,

    Marty
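
Added example, not part of either message in the thread: once response headers have been saved with an intercepting proxy such as those listed above, a short script can show which request paths receive a cookie the site does not expect, which helps narrow down what is setting it. The `EXPECTED_PREFIXES` list, the static-extension list, the cookie name `EGSOFT_EXAMPLE` and the captured responses are all constructed assumptions for illustration.

```python
from collections import defaultdict

# Assumption: cookies this stack is expected to set (ColdFusion CFID/CFTOKEN,
# classic ASP session cookies). Replace with the site's own list.
EXPECTED_PREFIXES = ("CFID", "CFTOKEN", "ASPSESSIONID")
STATIC_EXT = (".gif", ".jpg", ".css", ".js", ".htm", ".html")

# Constructed sample: (request path, raw response headers) as saved from a proxy.
CAPTURED = [
    ("/index.cfm", "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n"
                   "Set-Cookie: CFID=1201; path=/\r\n"
                   "Set-Cookie: CFTOKEN=88213411; path=/\r\n"
                   "Set-Cookie: EGSOFT_EXAMPLE=abc123; path=/\r\n\r\n"),
    ("/images/logo.gif", "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n"
                         "set-cookie: EGSOFT_EXAMPLE=abc124; path=/\r\n\r\n"),
    ("/about.htm", "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n\r\n"),
]

def set_cookie_names(raw_headers):
    """Return the cookie names from every Set-Cookie line in a header block."""
    names = []
    for line in raw_headers.split("\r\n")[1:]:      # skip the status line
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            names.append(value.split("=", 1)[0].strip())
    return names

def unexpected_cookies(captured):
    """Map each unexpected cookie name to the request paths that received it."""
    seen = defaultdict(list)
    for path, raw in captured:
        for name in set_cookie_names(raw):
            if not name.upper().startswith(EXPECTED_PREFIXES):
                seen[name].append(path)
    return dict(seen)

def set_on_static(paths):
    """Heuristic: static files are normally served by IIS itself, not by a
    ColdFusion template, so a cookie on them points at the web server layer."""
    return any(p.lower().endswith(STATIC_EXT) for p in paths)

if __name__ == "__main__":
    for name, paths in unexpected_cookies(CAPTURED).items():
        layer = "web server layer" if set_on_static(paths) else "application pages"
        print(f"{name}: {len(paths)} responses, likely set by {layer}: {paths}")
```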