Skip to content

jrconlin/cookie_munger

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
.github
.github
 
 
cookie_munger
cookie_munger
 
 
img
img
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Cookie Munger

This is a stupid idea.

It came about because of a micro-post about sites that force you to accept cookies.

I looked at a site and noticed a bunch of fairly complicated cookies being stuffed into my browser. Since I work on backend stuff and know exactly how folks love to screw with anything you hand them, I decided to create something that screws with what they've given me.

Ideally, you give it a URL, it fetches and analyzes the cookies the site gave you, then turns around and dumps random crap back at the site, that are almost, but not quite like what it just got.

Because cookies are delicious and edible.

So why not let some site's demographic and analytic database enjoy a few edibles?

Installing

It's a python thing.

You probably want to run

poetry install

(Hint if poetry isn't installed on your computer it's pretty easy to install )

After that...

poetry run cookie-munger -h

Optionally, you can use the env val PYTHON_LOG to set the logging level (e.g. PYTHON_LOG=debug poetry run cookie-munger)

which will show he options.

What the hell does this do?

Cookies are little bits of data that a site wants you to hold for it. When you come back, your browser is supposed to send back the same bits of data.

Cookie munger, well, munges the values that get returned.

I could have just made up a bunch of random crap and returned that. But, well, that's no fun. I mean it is, but it's not really fun.

No, cookie munger is a bit more clever about things.

If a cookie looks like a date, cookie_munger picks a random date from the UNIX EPOCH and returns it.

If it's a number, cookie munger returns a random number of equal digits.

If a it looks like base64 encoded JSON blob, cookie munger decodes, analyzes the JSON and returns appropriately munged values for each of the associated key values, then re-encodes it back into base64.

etc. (because it definitely does etc.)

It will then return new, randomly generated values as many times as you tell it because, yeah, why not?

The idea is basically to provide "interesting" results to whatever analytics engine may be accepting the data from the parsed cookie it just got back. Maybe then sites might not be quite as quick to dole out cookies to folks when they first show up, because who knows what sort of fun things they might get back?

About

A stupid idea to abuse the hell out of cookies, because who doesn't like fuzzy cookies?

Topics

python cookies fuzzing

Resources

Readme

License

GPL-3.0 license
Activity

Stars

7 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages