Check for bad cookies

2026-04-05 17:18:25 +01:00 · 2026-04-05 17:18:25 +01:00 · 9ed7f28ba6
parent 516b1cf911
commit 9ed7f28ba6
1 changed files with 9 additions and 0 deletions
--- a/httpheaders.py
+++ b/httpheaders.py
@ -275,8 +275,17 @@ def contains_suspicious_headers(headers: {}) -> bool:
       'think-lang' in headers or \
       'Think-lang' in headers:
        return True
+
    headers_str = str(headers)
    sus_strings = ('../../', '.php/', 'index.php', 'passwd=', 'PHPSESSID')
    if string_contains(headers_str, sus_strings):
        return True
+
+    # check for bad cookies
+    if 'Cookie:' in headers_str:
+        cookie_str = headers_str.split('Cookie:')[1]
+        if '=' in cookie_str:
+            cookie_name = cookie_str.split('=')[0].strip()
+            if cookie_name != 'epicyon':
+                return True
    return False