Cookies Node

This document is for:
Invicti Standard, Invicti Enterprise On-Premises, Invicti Enterprise On-Demand

A cookie is a small file that a web application stores on a user’s computer. Cookies record information such as browser activity and login or authentication details.

Many web applications have experienced cookie-related vulnerabilities that lead to user impersonation and remote cookie tampering. When a cookie is sent over insecure HTTP, an attacker who controls the communication between the server and browser can read the cookie.

There are also other cookie security flags designed to make the state management mechanism between client and server more secure. These include HttpOnly, the SameSite attribute, and cookie prefixes. For further information on how cookie mechanisms work and which risks can arise from the use of cookies, see Introducing the Security of Cookies Whitepaper.

Once the scan is completed, all cookies are listed under the Cookies node in the Knowledge Base, highlighted in red and bold. You can access the same information in the Knowledge Base Report and Knowledge Base Tab.

Invicti forms Knowledge Base nodes based on its findings. If the Cookies node is not listed, it means that Invicti did not find any cookies.

For further information, see Knowledge Base Nodes.

How to View the Cookies Node in Invicti Enterprise
  1. Log in to Invicti Enterprise.
  2. From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
  3. Next to the relevant website, click Report.
  4. From the Technical Report section, click the Knowledge Base tab.
  5. Click the Cookies node. The information is displayed in a Cookies tab.

How to View the Cookies Node in Invicti Standard
  1. Open Invicti Standard.
  2. Start a Scan or open a previously saved scan.
  3. The Knowledge Base is displayed on the right of the Scan Summary Dashboard. (If it is hidden, display it again using the Knowledge Base icon on the View tab on the ribbon. Alternatively, click the Reset Layout icon on the View tab, then close the Activity/Progress/Logs pane to give maximum viewing space.)
  4. Ensure that the Knowledge Base Viewer is also displayed. (If it is hidden, you can display it again using the Knowledge Base Viewer button on the View tab. You may also want to close the Activity/Progress/Logs pane.)
  5. Click the Cookies node in the Knowledge Base. All detected Cookies are displayed in the Knowledge Base Viewer.