Web Tech Detection viaa Tokens, Headers & Cookies

PreviousPassword reset poisoning NextBurpsuite through SOCKS5

Last updated 5 months ago

Web Tech Detection viaa Tokens, Headers & Cookies

Language/Framework

Common Headers or Cookies

Token Patterns

Additional Indicators

PHP

PHPSESSID, laravel_session, ci_session

- CSRF: csrf_test_name, X-CSRF-TOKEN (Laravel) - JWT: Authorization: Bearer

Cookie length; Base64-encoded tokens

Python (Django)

csrftoken, sessionid

- CSRF: X-CSRFToken - JWT: Authorization: Bearer

Use of headers like X-CSRFToken

Ruby on Rails

_rails_session, _csrf_token

- CSRF: authenticity_token in forms

Clean URLs; RESTful route names

Java (Spring)

JSESSIONID

- CSRF: X-CSRF-TOKEN - JWT: Authorization: Bearer

Common names like JSESSIONID

Node.js (Express)

connect.sid

- JWT: Authorization: Bearer

Routes like /api or /auth; custom headers

.ASPXAUTH, .AspNet.Session

- CSRF: __RequestVerificationToken in forms - JWT: Authorization: Bearer

Cookies with .ASPX

Core**

.AspNetCore.Session, .AspNetCore.Identity

- CSRF: RequestVerificationToken

Middleware for JWT and OAuth2

Laravel (PHP)

laravel_session, XSRF-TOKEN

- CSRF: X-CSRF-TOKEN

SHA-256 encoded tokens

CodeIgniter (PHP)

ci_session

- CSRF: csrf_test_name in forms

Lightweight cookies, basic values

Angular (Frontend)

X-XSRF-TOKEN, Authorization: Bearer

- JWT in headers or cookies

Common use of AngularJS in SPAs

React (Frontend)

Authorization: Bearer

- JWT and OAuth2

Tokens managed in local storage or cookies

Vue.js (Frontend)

Authorization: Bearer, X-XSRF-TOKEN

- Similar to Angular

Libraries for handling CSRF and OAuth2

Flask (Python)

session, csrf_token

- JWT: Authorization: Bearer

RESTful APIs with clear routes

FastAPI (Python)

Authorization: Bearer

- JWT: Authorization: Bearer

Similar to Flask, more OpenAPI oriented

Symfony (PHP)

PHPSESSID, symfony

- CSRF: tokens in forms

Custom cookie names

Spring Boot (Java)

JSESSIONID

- JWT: Authorization: Bearer - CSRF: X-CSRF-TOKEN

RESTful routes like /v1/api/

Express.js (Node)

connect.sid

- JWT in headers

Flexible cookie and middleware handling

Django Rest Framework (Python)

Authorization: Bearer

- JWT: Authorization: Bearer

REST prefixes in routes, like /api/v1/

Next.js (React)

Authorization: Bearer, custom cookies

- CSRF or JWT tokens

Combined use of APIs and SSR

PreviousPassword reset poisoning NextBurpsuite through SOCKS5

Last updated 5 months ago

Language/Framework

Common Headers or Cookies

Token Patterns

Additional Indicators

PHP

PHPSESSID, laravel_session, ci_session

- CSRF: csrf_test_name, X-CSRF-TOKEN (Laravel) - JWT: Authorization: Bearer

Cookie length; Base64-encoded tokens

Python (Django)

csrftoken, sessionid

- CSRF: X-CSRFToken - JWT: Authorization: Bearer

Use of headers like X-CSRFToken

Ruby on Rails

_rails_session, _csrf_token

- CSRF: authenticity_token in forms

Clean URLs; RESTful route names

Java (Spring)

JSESSIONID

- CSRF: X-CSRF-TOKEN - JWT: Authorization: Bearer

Common names like JSESSIONID

Node.js (Express)

connect.sid

- JWT: Authorization: Bearer

Routes like /api or /auth; custom headers

.ASPXAUTH, .AspNet.Session

- CSRF: __RequestVerificationToken in forms - JWT: Authorization: Bearer

Cookies with .ASPX

Core**

.AspNetCore.Session, .AspNetCore.Identity

- CSRF: RequestVerificationToken

Middleware for JWT and OAuth2

Laravel (PHP)

laravel_session, XSRF-TOKEN

- CSRF: X-CSRF-TOKEN

SHA-256 encoded tokens

CodeIgniter (PHP)

ci_session

- CSRF: csrf_test_name in forms

Lightweight cookies, basic values

Angular (Frontend)

X-XSRF-TOKEN, Authorization: Bearer

- JWT in headers or cookies

Common use of AngularJS in SPAs

React (Frontend)

Authorization: Bearer

- JWT and OAuth2

Tokens managed in local storage or cookies

Vue.js (Frontend)

Authorization: Bearer, X-XSRF-TOKEN

- Similar to Angular

Libraries for handling CSRF and OAuth2

Flask (Python)

session, csrf_token

- JWT: Authorization: Bearer

RESTful APIs with clear routes

FastAPI (Python)

Authorization: Bearer

- JWT: Authorization: Bearer

Similar to Flask, more OpenAPI oriented

Symfony (PHP)

PHPSESSID, symfony

- CSRF: tokens in forms

Custom cookie names

Spring Boot (Java)

JSESSIONID

- JWT: Authorization: Bearer - CSRF: X-CSRF-TOKEN

RESTful routes like /v1/api/

Express.js (Node)

connect.sid

- JWT in headers

Flexible cookie and middleware handling

Django Rest Framework (Python)

Authorization: Bearer

- JWT: Authorization: Bearer

REST prefixes in routes, like /api/v1/

Next.js (React)

Authorization: Bearer, custom cookies

- CSRF or JWT tokens

Combined use of APIs and SSR