#
# Regression test for the cookie engine: cookies stored with the "secure"
# attribute over HTTPS must not be replaced by same-name cookies that arrive
# in a plain-HTTP response from the same host name.
<testcase>
<info>
<keywords>
HTTP
cookies
--resolve
</keywords>
</info>

#
# Server-side
#
# <data>  answers the initial HTTPS request. It sets SESSIONID and "second",
#         both flagged "secure", and redirects to an http:// URL on the same
#         host name (attack.invalid). nocheck="yes" means this body is not
#         compared against the client's output.
# <data2> answers the ...0002 request, which travels over plain HTTP. It
#         reuses both cookie names without the "secure" attribute (SESSIONID
#         with an explicit domain, "second" with the deeper path /a/b) and
#         redirects back to an https:// URL.
# <data3> is the final 200 response, served over HTTPS again.
<reply>
<data nocheck="yes">
HTTP/1.1 301 OK
Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 6
Set-Cookie: SESSIONID=originaltoken; secure
Set-Cookie: second=originaltoken; secure; path=/a
Location: http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER0002

-foo-
</data>

<data2>
HTTP/1.1 301 OK
Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 6
Set-Cookie: SESSIONID=hacker; domain=attack.invalid;
Set-Cookie: second=replacement; path=/a/b
Location: https://attack.invalid:%HTTPSPORT/a/b/%TESTNUMBER0003

-foo-
</data2>

<data3>
HTTP/1.1 200 OK
Date: Tue, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 6

-foo-
</data3>
</reply>

#
# Client-side
#
# Command line options used below:
#   -k         skips TLS certificate verification; this is only appropriate
#              against the local test HTTPS server
#   -c FILE    turns on the cookie engine and writes the jar to FILE
#   --resolve  maps attack.invalid on both the HTTPS and HTTP ports to
#              %HOSTIP, so both schemes share one host name
#   -L         follows the two redirects
<client>
<server>
http
https
</server>
<name>
HTTPS sec-cookie, HTTP redirect, same name cookie, redirect back
</name>
<command>
https://attack.invalid:%HTTPSPORT/a/b/%TESTNUMBER -k -c %LOGDIR/cookie%TESTNUMBER --resolve attack.invalid:%HTTPSPORT:%HOSTIP --resolve attack.invalid:%HTTPPORT:%HOSTIP -L
</command>
</client>

#
# Verify data after the test has been "shot"
#
# Expected behaviour, request by request:
#   1. HTTPS: no Cookie header, the jar is still empty.
#   2. HTTP:  no Cookie header, because "secure" cookies must not be sent
#             over a cleartext connection.
#   3. HTTPS: both cookies still carry "originaltoken", so the values offered
#             in the plain-HTTP response (hacker / replacement) were not
#             accepted in their place.
# NOTE(review): only the request headers are checked; the cookie jar written
# by -c is not compared against an expected file in this test.
<verify>
<protocol>
GET /a/b/%TESTNUMBER HTTP/1.1
Host: attack.invalid:%HTTPSPORT
User-Agent: curl/%VERSION
Accept: */*

GET /a/b/%TESTNUMBER0002 HTTP/1.1
Host: attack.invalid:%HTTPPORT
User-Agent: curl/%VERSION
Accept: */*

GET /a/b/%TESTNUMBER0003 HTTP/1.1
Host: attack.invalid:%HTTPSPORT
User-Agent: curl/%VERSION
Accept: */*
Cookie: SESSIONID=originaltoken; second=originaltoken

</protocol>
</verify>
</testcase>