Penetration Testing
mailing list archives
Strange cookies
From: Dirk Reimers <Dirk.Reimers () gmx de>
Date: Wed, 23 Apr 2008 21:34:58 +0200
Hi all,
I'm just doing a short test on a web app and monitor some strange
behaviour in the generated cookies. It seems, the cookies (32 different
symbols [a..z,0..5], 24 symbols per cookie) have some statistical
anomalies such as by gathering 21912 cookies the combination of '45'
starting at position 7, 15, or 23 have been counted 12580 times. And
only 9332 cookies do not have any '45' combination in them. As my poor
statistical knowledge tells me the probability to meet '45' on a certain
position should be about 21 (not 9157 which is measured for beginning
position 7).
There are some more statistical anomalies (such as not any cookie can be
grabbed with the symbol '4' at position 7 - not a measly little cookie!!).
So I'd like to feed the cookies to any statistic anomaly detector
telling me 'these cookies are quite random' or 'these cookies are very
poor random'.
I searched for 'fips-140' test suites but wasn't able to find any free
tool.
Does anybody of you guys have some experiences in testing the randomness
of cookies? Maybe any tools like n-gram analysis that work with a bunch
of numbers?
Thanx a lot for your support
Dirk
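
An added example, not part of the original post: a per-position chi-square test plus a positional bigram count, the kind of check the question asks about, using the alphabet and cookie length given in the post. The sample cookies are constructed, and index 6 stands for the post's position 7 on the assumption that positions are counted from 1.

```python
import random
from collections import Counter

ALPHABET = "abcdefghijklmnopqrstuvwxyz012345"  # 32 symbols [a..z,0..5], as in the post
LENGTH = 24                                     # symbols per cookie, as in the post

def position_chi2(cookies):
    """Chi-square statistic (31 degrees of freedom) of the symbols at each position."""
    expected = len(cookies) / len(ALPHABET)
    stats = []
    for pos in range(LENGTH):
        counts = Counter(c[pos] for c in cookies)
        stats.append(sum((counts[s] - expected) ** 2 / expected for s in ALPHABET))
    return stats

def weak_positions(cookies, critical=61.10):
    """Positions whose statistic exceeds the p = 0.001 critical value for 31 d.o.f."""
    return [p for p, x in enumerate(position_chi2(cookies)) if x > critical]

def bigram_outliers(cookies, ratio=5.0):
    """(position, bigram, observed, expected) where observed > ratio * expected."""
    expected = len(cookies) / len(ALPHABET) ** 2   # e.g. 21912 / 1024, about 21
    hits = []
    for pos in range(LENGTH - 1):
        counts = Counter(c[pos:pos + 2] for c in cookies)
        hits += [(pos, bg, n, expected) for bg, n in counts.items() if n > ratio * expected]
    return sorted(hits, key=lambda h: -h[2])

def make_sample(n, bias=0.0, seed=1):
    """Constructed test data: uniform cookies, with '45' forced at index 6 (the post's
    position 7, assuming 1-based counting) in a fraction `bias` of them."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        c = [rng.choice(ALPHABET) for _ in range(LENGTH)]
        if rng.random() < bias:
            c[6:8] = "45"
        out.append("".join(c))
    return out

if __name__ == "__main__":
    for name, sample in (("uniform", make_sample(5000)), ("biased", make_sample(5000, 0.4))):
        print(name, "weak positions:", weak_positions(sample))
        print(name, "top bigrams:", bigram_outliers(sample)[:3])
```

With 24 positions tested at p = 0.001, an occasional single flagged position on good data is expected; a statistic in the thousands, or a bigram hundreds of times over its expected count, is not.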