Imperva Cyber Community

  • 1.  Viewing Response Headers

    Posted 09-04-2020 10:56
    We are using SecureSphere version 12.5.
    Is there any way to see the response headers in a violation?
    I've enabled 'Display Response Page in Alerts' in the policy that is triggering, but it only seems to show the response page.
    I'm specifically looking for a cookie attribute coming back.

    Thanks


    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Richard Bowden
    Aviva
    ------------------------------


  • 2.  RE: Viewing Response Headers

    Posted 09-04-2020 13:14
    Hi,

    Unfortunately, SecureSphere does not support displaying response headers at this time. I know this has been an FR in the past; if you can, please help me by adding this as an FR in User Voice, and I will help escalate this with our product team.

    Apologies, I wish I had a better response at this time, but we can try to get this implemented for you. Thank you!

    - BA

    ------------------------------
    Brian Anderson
    ------------------------------



  • 3.  RE: Viewing Response Headers

    Posted 09-04-2020 13:48
    Thanks @Brian Anderson.

    @Rick Bowden, the feature request portal can be found here.

    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------



  • 4.  RE: Viewing Response Headers

    Posted 09-09-2020 02:54
    Thanks for the reply Brian, appreciated.

    Regards
    Rick

    ------------------------------
    Richard Bowden
    Aviva
    ------------------------------



  • 5.  RE: Viewing Response Headers

    Posted 09-09-2020 14:10
    On a side note, you may use Burp Suite to see response headers.

    ------------------------------
    SC
    ------------------------------



  • 6.  RE: Viewing Response Headers

    Posted 09-10-2020 07:19

    Thanks for the suggestion, but the reason I asked if we could see the response headers in the gateways is because somewhere in our stack the SameSite cookie is going missing, and I am being challenged to prove it is not our SecureSphere gateways that are doing it, which at this moment I'm unable to prove one way or another.



    ------------------------------
    Richard Bowden
    Aviva
    ------------------------------



  • 7.  RE: Viewing Response Headers

    Posted 09-11-2020 11:32
    Try capturing packets on the egress interface, or as they are leaving the gateway. Capture the traffic in .pcap format, then use Wireshark to look at the cookie data. You can use http.cookie as a display filter and check the packets. Later on you can follow the TCP stream and check the HTTP cookie.

    ------------------------------
    SC
    ------------------------------
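
The capture-and-compare approach from the last reply, as an added example that is not part of the original thread: it diffs the Set-Cookie attributes in response headers copied from "Follow TCP Stream" on the server-facing and client-facing sides of the gateway (in Wireshark, response cookies are under `http.set_cookie`). It assumes the captured traffic is plaintext or already decrypted; the function names and the sample headers are constructed for illustration.

```python
# Added example: compare Set-Cookie attributes seen on each side of a gateway.
# Inputs are HTTP response header blocks copied from two packet captures.

def parse_set_cookies(raw_headers):
    """Return {cookie_name: {attr_lower: value_or_True}} for each Set-Cookie line."""
    cookies = {}
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";") if p.strip()]
        if not parts:
            continue
        cookie_name = parts[0].partition("=")[0].strip()
        attrs = {}
        for part in parts[1:]:
            key, eq, val = part.partition("=")
            # Flag attributes (Secure, HttpOnly) have no value; store True.
            attrs[key.strip().lower()] = val.strip() if eq else True
        cookies[cookie_name] = attrs
    return cookies

def diff_hops(server_side, client_side):
    """List (cookie, attribute, server_value, client_value) where the hops differ."""
    before, after = parse_set_cookies(server_side), parse_set_cookies(client_side)
    findings = []
    for cookie in sorted(set(before) | set(after)):
        b, a = before.get(cookie), after.get(cookie)
        if b is None or a is None:  # whole cookie added or removed in transit
            findings.append((cookie, "<cookie>", b is not None, a is not None))
            continue
        for attr in sorted(set(b) | set(a)):
            if b.get(attr) != a.get(attr):
                findings.append((cookie, attr, b.get(attr), a.get(attr)))
    return findings

# Constructed sample headers (not taken from a real capture).
SERVER_SIDE = """HTTP/1.1 200 OK
Set-Cookie: SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: lang=en; Path=/; SameSite=Strict
"""
CLIENT_SIDE = """HTTP/1.1 200 OK
Set-Cookie: SESSIONID=abc123; Path=/; Secure; HttpOnly
Set-Cookie: lang=en; Path=/; SameSite=Strict
"""

if __name__ == "__main__":
    for cookie, attr, srv, cli in diff_hops(SERVER_SIDE, CLIENT_SIDE):
        print(f"{cookie}: {attr} server-side={srv!r} client-side={cli!r}")
```

An empty result means the attribute set is identical on both sides of that hop, so the change happens elsewhere in the stack; if SameSite is already absent in the server-facing capture, the gateway is not the component removing it.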