Cookie Crumbles: Breaking and Fixing Web Session Integrity
This artifact is provided to support the evaluation of all the results presented in the paper. In particular, (i) the cross-browser testing suite used to validate the results presented in Table 2, (ii) the toolchain developed to automatically test server-side cookie parsers (Section 4.2.2), (iii) the dataset and processing code of our cookie measurement study presented (Section 4.4), (iv) reproducible proof-of-concept attacks against vulnerable Web frameworks (Section 6), as well as (v) the ProVerif models and scripts (Section 7).
Usage
Refer to the README.md files in the corresponding directories for detailed instructions on how to use each component of the artifact.
Credits
All the code in this artifact was developed by:
- Marco Squarcina, TU Wien
- Pedro Adão, Instituto Superior Técnico, ULisboa and Instituto de Telecomunicações
- Lorenzo Veronese, TU Wien