This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am using wireshark to extract the cookie details. But wireshark only gives details like name of the cookie and value.
How do I read the path tof the cookie for which it is set?

asked 19 Apr '12, 07:30

Ashwin's gravatar image

Ashwin
31337
accept rate: 0%


If you mean the URL for which the cookie was set ("path" being a confusing word here, because that would mean the storage file on a lokal disk instead) you can tell by the URL that was requested together with the cookie. Cookies are set for certain URLs/URIs, so if you see a cookie coming in together with a GET/POST/...-Request, then it is set for that URL. Unfortunately you can't tell the base URL though unless you gather a ton of requests and determine the scope manually.

For example if you see a cookie for http://www.test.com/whatever/ you can't tell if the Cookie was set for that exact path, or if it was set for a broader scope of http://www.test.com. But as soon as you see the same cookie coming back for http://www.test.com you know it was.

It's usually easier to find a packet where the cookie was originally set, and read the scope from there. If you don't have that packet you have to determine it yourself.

permanent link

answered 19 Apr '12, 08:45

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

You don't read the path in Wireshark because that information is not transmitted across the network, so it doesn't appear in the data captured by Wireshark. The path to the location where cookies are stored depends on which operating system and browser you are using. A little Googling will turn up the location for your browser and OS.

permanent link

answered 19 Apr '12, 07:50

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%

Just to complicate things, it is allowable, although not common, for the same cookie name to be set for different URL domains and/or paths, with either the same or a different value. The result is that the browser considers each one to be an independent cookie. So if a cookie named status is set to the value "bar" at http://www.test.com/, and a second cookie named status is set to "fu" at http://www.test.com/whatever/, then when your browser goes to the first URL the status cookie will be "bar" but when you go to the second URL the server will get: status=fu and status=bar. It is up to the server at that point to figure out what to do!

permanent link

answered 19 Apr '12, 11:23

inetdog's gravatar image

inetdog
16717
accept rate: 14%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×293
×9

question asked: 19 Apr '12, 07:30

question was seen: 5,438 times

last updated: 19 Apr '12, 11:23

p​o​w​e​r​e​d by O​S​Q​A