HTTP cookies import

🗓️ 25 Nov 2009 00:00:00Reported by TenableType
Import HTTP cookies in Netscape format for web test
#TRUSTED 51a7de953847b0a9e2c85dda74023058c3709f763d7a20db5e5f7ab3294e23645c8c7f3d7b3db9d16baab008d8e5fca8e246f63027fd2bc756b7f5859724f72d41bb83bf4f1e452007aee068adb45461e6885977fd5c776f464a06b3da02298dc813cd60bdb80ec213c0254aec47690dbc37a1955cafeece87dcdfc04c067c096c148e5090cc02df129813428e93b85ecbb6bf62b39c79f43e2b20ece3607b42bd2b860a633a277853171d7b3c5772f4f7b499f14411d906003abee911c032edf1f288e4e6bf8c838d66ebfe15643ffb9a8494b5cb34bf57991a298325cebbffc6c7635cfc032690b999ff8ed6bd9c1e4612102283eb1e16d012b720222d51652bdc53d7a712770744bffd2c784915f273a2d4f80803b3c395381916c6fe88548d2a5cea19e8b7bc4512ae58990db2c0dac156619bf0d98f25527f6f6abffeb2d7ed5b1396762d5381caf7c1139dee322e6223acd1678d8681713af4b801d412b95ae26444ae80fdc90ebd10ecdb863c57ddbca1f82baef82cf07c388f6ea969909573e771185f035c5939f9e82d05ea17616fe4141ad60c3faf65b73ca083d65c656b1ed8cbdf0cae729b7f4a93064007eb099d84b991507073195d11bfa63ac680907331417fbb483794df671e841ce11ee40a08909e7d6ccc2d1ca35bc7239ad4ea38e84e6d504a994cdf8f509f7153a4c5b55b0ca4e3cf0b69ee7d33a658
#TRUST-RSA-SHA256 1200a12c6ded92c9d5c22ace271dbf1b3273b6033ba8eb4c8c4a68c5cb2d1223170d157487507aa04f4550216515680053426d1f11192820f1794509d9345dd1e834cc9528c9da42c0aa4a217243f87d5e29f0fbe266b83d30b0d208a2299cb3688a4e24778a950e617fcf75a4bf7846253dc576ffe0d0dda84fb66f24bf1f6ba06e024e7d97362968c8766ac9993f8c79f7d4b53041df719cbe84f025795d9941d564698e30fae111b4d68446bc16e10cc11280155d6ade30de0987639f907ee4ad3ad5b91e963f113d1aa8373569e0338718ccea23776975b79fe99ec4694fc2f83025827aa90d5c857703ecaa1ad963ce0772156af281e6b06e1b691ddbf0cbc72da18f28f12e29407f9c08e41d7aef2bbea6314cb646b35483c50a7498ee27fee1fa8680814ddba798c0c7257b4d05bf28399cda39532064b8bc73749211ba8919f466fa92f37c923ccdd9e70bdbe9488f18e13397d50292e2e9190bfe3b798f951125f3581e096a7d27a484783216c71cc411b59de3083d28f2836b9ebdb22084ea6bcd9351bfb8a397bf46378d0ae2946d720896ec483302e72defcfb3482c3bb3815a5a0e163328ff6f59f68376c1db105ad2744bd67b21bade502e3775515c0cf8e11ce06626bb0a803c68ece24dca0d318f24e2bed560a2f5afb86758ab2cfa319cfdecb8bdee61d0100f494870fa558aeb6485728f9d8d5eb6614e
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(42893);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/29");

  script_name(english:"HTTP cookies import");
  script_summary(english:"Import HTTP cookies in Netscape format");

  script_set_attribute(attribute:"synopsis", value: "HTTP cookies import.");
  script_set_attribute(attribute:"description", value:
  "This plugin imports cookies for all web tests.

  The cookie file must be in 'Netscape format'.

  It does not perform any test by itself.");
  script_set_attribute(attribute:"solution", value:"n/a");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/25");

  script_set_attribute(attribute:"plugin_type", value:"settings");
  script_end_attributes();

  script_category(ACT_SETTINGS);
  script_copyright(english:"This script is Copyright (C) 2009-2025 Tenable Network Security, Inc.");
  script_family(english:"Settings");

  script_add_preference(name: "Cookies file : ", type: "file", value:"");
  script_dependencies("ping_host.nasl", "global_settings.nasl");
  exit(0);
}

include("http.inc");

global_var	same_hosts_l;
same_hosts_l = make_array();

function _wm_same_host(h)
{
  local_var	n, i;
  n = tolower(get_host_name());
  if (n == h) return 1;
  i = get_host_ip();
  if (i == h) return 1;

  # Do not call same_host, it was broken
  return 0;
}

function wm_same_host(h)
{
  h = tolower(h);
  if (same_hosts_l[h] == 'y') return 1;
  if (same_hosts_l[h] == 'n') return 0;
  if (_wm_same_host(h: h))
  {
    same_hosts_l[h] = 'y';
    return 1;
  }
  else
  {
    same_hosts_l[h] = 'n';
    return 0;
  }
}

# Import Netscape cookies

if (script_get_preference("Cookies file : ")) # Avoid dirty warning
  content = script_get_preference_file_content("Cookies file : ");
else
  exit(0, "No cookie file.");

n = 0;
if (strlen(content) > 0)
{
  http::cookiejar::disable_autosave();

  lines = split(content, keep: 0);
  content = NULL;	# Free memory
  now = unixtime();

  foreach l (lines)
  {
    if (l =~ '^[ \t]*#') continue; # ignore comments
    if (l =~ '^[ \t]*$') continue; # ignore all whitespace lines
# Fields:
# 0 domain
# 1 flag - indicates if all machines within a given domain can access the variable.
# 2 path
# 3 secure
# 4 expiration - UNIX time
# 5 name
# 6 value
    v = split(l, sep: '\t', keep: 0);
    m = max_index(v);

    if (m < 6 || m > 8)
      exit(1, 'Invalid cookies file (unexpected line).');

    if (v[3] == "TRUE") sec = 1; else sec = 0;
    t = int(v[4]);	# Expiration date

    # nb: Firebug has 8 fields per line, with a field for max-age between 
    #     expiration and cookie name.
    if (m == 8)
    {
      name = v[6];
      val =  v[7];
    }
    else
    {
      name = v[5];
      val =  v[6];
    }

    # Import session cookies, but reject expired cookies
    if (t == 0 || now < t)
    {
      http::cookiejar::set_cookie(path: v[2], domain: v[0], secure: sec, name:name, value:val);
      n++;
    }
    else
      dbg::detailed_log(lvl: 3, src: SCRIPT_NAME,
          msg:"Expired cookie: t="+ t +" Path="+ v[2] +" Domain="+ v[0] +" Secure="+ sec +" Name="+ name+ " Value="+ val);
  }

  if (n == 0)
    exit(1, 'No cookies were found in the given file.');

  dbg::detailed_log(lvl:1, src: SCRIPT_NAME, msg:n+" cookies imported.");
  # It is not always related to authentication, but this will be the main use
  http::cookiejar::save("FormAuth");
  http::cookiejar::save();
  lines = NULL;	# Free memory
}
else
  exit(0, "Cookie file is empty.");
29 Sep 2025 00:00Current
7High risk
Vulners AI Score7