1*6236dae4SAndroid Build Coastguard Worker<testcase> 2*6236dae4SAndroid Build Coastguard Worker<info> 3*6236dae4SAndroid Build Coastguard Worker<keywords> 4*6236dae4SAndroid Build Coastguard WorkerHTTP 5*6236dae4SAndroid Build Coastguard Workercookies 6*6236dae4SAndroid Build Coastguard Worker--resolve 7*6236dae4SAndroid Build Coastguard Worker</keywords> 8*6236dae4SAndroid Build Coastguard Worker</info> 9*6236dae4SAndroid Build Coastguard Worker 10*6236dae4SAndroid Build Coastguard Worker# 11*6236dae4SAndroid Build Coastguard Worker# Server-side 12*6236dae4SAndroid Build Coastguard Worker<reply> 13*6236dae4SAndroid Build Coastguard Worker<data nocheck="yes"> 14*6236dae4SAndroid Build Coastguard WorkerHTTP/1.1 301 OK 15*6236dae4SAndroid Build Coastguard WorkerDate: Tue, 09 Nov 2010 14:49:00 GMT 16*6236dae4SAndroid Build Coastguard WorkerServer: test-server/fake 17*6236dae4SAndroid Build Coastguard WorkerContent-Length: 6 18*6236dae4SAndroid Build Coastguard WorkerSet-Cookie: SESSIONID=originaltoken; secure 19*6236dae4SAndroid Build Coastguard WorkerSet-Cookie: second=originaltoken; secure; path=/a 20*6236dae4SAndroid Build Coastguard WorkerLocation: http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER0002 21*6236dae4SAndroid Build Coastguard Worker 22*6236dae4SAndroid Build Coastguard Worker-foo- 23*6236dae4SAndroid Build Coastguard Worker</data> 24*6236dae4SAndroid Build Coastguard Worker 25*6236dae4SAndroid Build Coastguard Worker<data2> 26*6236dae4SAndroid Build Coastguard WorkerHTTP/1.1 301 OK 27*6236dae4SAndroid Build Coastguard WorkerDate: Tue, 09 Nov 2010 14:49:00 GMT 28*6236dae4SAndroid Build Coastguard WorkerServer: test-server/fake 29*6236dae4SAndroid Build Coastguard WorkerContent-Length: 6 30*6236dae4SAndroid Build Coastguard WorkerSet-Cookie: SESSIONID=hacker; domain=attack.invalid; 31*6236dae4SAndroid Build Coastguard WorkerSet-Cookie: second=replacement; path=/a/b 32*6236dae4SAndroid Build Coastguard WorkerLocation: https://attack.invalid:%HTTPSPORT/a/b/%TESTNUMBER0003 33*6236dae4SAndroid Build Coastguard Worker 34*6236dae4SAndroid Build Coastguard Worker-foo- 35*6236dae4SAndroid Build Coastguard Worker</data2> 36*6236dae4SAndroid Build Coastguard Worker 37*6236dae4SAndroid Build Coastguard Worker<data3> 38*6236dae4SAndroid Build Coastguard WorkerHTTP/1.1 200 OK 39*6236dae4SAndroid Build Coastguard WorkerDate: Tue, 09 Nov 2010 14:49:00 GMT 40*6236dae4SAndroid Build Coastguard WorkerServer: test-server/fake 41*6236dae4SAndroid Build Coastguard WorkerContent-Length: 6 42*6236dae4SAndroid Build Coastguard Worker 43*6236dae4SAndroid Build Coastguard Worker-foo- 44*6236dae4SAndroid Build Coastguard Worker</data3> 45*6236dae4SAndroid Build Coastguard Worker</reply> 46*6236dae4SAndroid Build Coastguard Worker 47*6236dae4SAndroid Build Coastguard Worker# 48*6236dae4SAndroid Build Coastguard Worker# Client-side 49*6236dae4SAndroid Build Coastguard Worker<client> 50*6236dae4SAndroid Build Coastguard Worker<server> 51*6236dae4SAndroid Build Coastguard Workerhttp 52*6236dae4SAndroid Build Coastguard Workerhttps 53*6236dae4SAndroid Build Coastguard Worker</server> 54*6236dae4SAndroid Build Coastguard Worker<name> 55*6236dae4SAndroid Build Coastguard WorkerHTTPS sec-cookie, HTTP redirect, same name cookie, redirect back 56*6236dae4SAndroid Build Coastguard Worker</name> 57*6236dae4SAndroid Build Coastguard Worker<command> 58*6236dae4SAndroid Build Coastguard Workerhttps://attack.invalid:%HTTPSPORT/a/b/%TESTNUMBER -k -c %LOGDIR/cookie%TESTNUMBER --resolve attack.invalid:%HTTPSPORT:%HOSTIP --resolve attack.invalid:%HTTPPORT:%HOSTIP -L 59*6236dae4SAndroid Build Coastguard Worker</command> 60*6236dae4SAndroid Build Coastguard Worker</client> 61*6236dae4SAndroid Build Coastguard Worker 62*6236dae4SAndroid Build Coastguard Worker# 63*6236dae4SAndroid Build Coastguard Worker# Verify data after the test has been "shot" 64*6236dae4SAndroid Build Coastguard Worker<verify> 65*6236dae4SAndroid Build Coastguard Worker<protocol> 66*6236dae4SAndroid Build Coastguard WorkerGET /a/b/%TESTNUMBER HTTP/1.1 67*6236dae4SAndroid Build Coastguard WorkerHost: attack.invalid:%HTTPSPORT 68*6236dae4SAndroid Build Coastguard WorkerUser-Agent: curl/%VERSION 69*6236dae4SAndroid Build Coastguard WorkerAccept: */* 70*6236dae4SAndroid Build Coastguard Worker 71*6236dae4SAndroid Build Coastguard WorkerGET /a/b/%TESTNUMBER0002 HTTP/1.1 72*6236dae4SAndroid Build Coastguard WorkerHost: attack.invalid:%HTTPPORT 73*6236dae4SAndroid Build Coastguard WorkerUser-Agent: curl/%VERSION 74*6236dae4SAndroid Build Coastguard WorkerAccept: */* 75*6236dae4SAndroid Build Coastguard Worker 76*6236dae4SAndroid Build Coastguard WorkerGET /a/b/%TESTNUMBER0003 HTTP/1.1 77*6236dae4SAndroid Build Coastguard WorkerHost: attack.invalid:%HTTPSPORT 78*6236dae4SAndroid Build Coastguard WorkerUser-Agent: curl/%VERSION 79*6236dae4SAndroid Build Coastguard WorkerAccept: */* 80*6236dae4SAndroid Build Coastguard WorkerCookie: SESSIONID=originaltoken; second=originaltoken 81*6236dae4SAndroid Build Coastguard Worker 82*6236dae4SAndroid Build Coastguard Worker</protocol> 83*6236dae4SAndroid Build Coastguard Worker</verify> 84*6236dae4SAndroid Build Coastguard Worker</testcase> 85