17

Our website is receiving http requests from a user which contains 'Coikoe' tag instead of 'Cookie'.

Http request object received from firefox is mentioned below :

com.pratilipi.servlet.UxModeFilter doFilter: REQUEST : GET http://www.pratilipi.com/books/gujarati HTTP/1.1
Host: http//www.pratilipi.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Referer: http://www.pratilipi.com/?action=login
Coikoe: _gat=1; visit_count=1; page_count=2
X-AppEngine-Country: XX
X-AppEngine-Region: xx
X-AppEngine-City: XXXXXX
X-AppEngine-CityLatLong: 12.232344,12.232445

Http request object received from google chrome is mentioned below :

com.pratilipi.servlet.UxModeFilter doFilter: REQUEST : GET http//www.pratilipi.com/books/hindi HTTP/1.1
Host: http//www.pratilipi.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36
Referer: http//www.pratilipi.com
Accept-Language: en-US,en;q=0.8,ta;q=0.6
Coikoe: _gat=1; visit_count=1; page_count=1
X-AppEngine-Country: XX
X-AppEngine-Region: xx
X-AppEngine-City: xxxxxx
X-AppEngine-CityLatLong: 12.232344,12.232445

User is using window 8 system.

Question : Why is this happening and how can I solve it? I have never seen anything like this before. Anyone has come accross anything like this

Thank You

genirahul
  • 389
  • 3
  • 12

3 Answers3

6

This user will be using some sort of privacy proxy.

The same happens for the Connection request header as explained in Cneonction and nnCoection HTTP headers: the proxy mangles the header so it won't be recognized by the receiver, but by merely shuffling some letters around the TCP packet's checksum will remain the same.

CodeCaster
  • 131,656
  • 19
  • 190
  • 236
1

I'm gonna give a rather speculative answer based on some online research.

I went through all the specifications for cookies right from the early drafts and there doesn't seem to be anything about coikoe or misspelling cookies.

I found another user (Pingu) who complained about the same on Twitter about the same. His relevant tweets:

(1) Weird problem: have a device that changes "Cookie" to "Coikoe" in TCP stream and don't know which it is. No deep packet inspection in place.

(2) There is a Linksys Wifi Router, a Cisco Switch adding a VLAN-Tag and a Linux box routing the VLAN to Internet router. Nothing else. #Coikoe

I then asked him about it earlier today. This was his replay:

It must have been something with my routing and iptables setup on the Linux box to allow the guests only limited access.

I can remember the problem. But do not remember how I solved it. It happened from Clients connected to my Guest WiFi.

Given my understanding from your discussion in the comments earlier, I'm guessing that the router sends a coikoe header instead of a cookie if the user has limited connectivity and/or problems with the access point.

Also see this ruby code to see how they have handled the different cookie header:

 def set_cookie_header
   request.headers["HTTP_COOKIE"] ||= request.headers["HTTP_COIKOE"]
 end

I looked lots of other popular forums like reddit, 4chan, stackoverflow, facebook and google, but I could not get anything else. Goodluck with your problem.

TheChetan
  • 3,887
  • 3
  • 27
  • 36
-2

Well this is something like a typo mistake, just to confirm , use the following powershell command in the project directory 

Get-ChildItem -recurse | Select-String -pattern "Coikoe" | group path | select name

and i hope you will be able to find the mistake you have made.

N.K
  • 2,205
  • 1
  • 13
  • 36