ASM Injections

Question

&nbsp;Hello All,&nbsp;
&nbsp;I had 2 Queries on what is injected in the traffic/URI's by ASM  or any other manipulation done by it that alters the original state.&nbsp;
&nbsp;1) Is ASM cookie injected in the header of the traffic passing through ASM , irrespective of not 
&nbsp;selecting any of these in the policy--&gt; blocking screen&nbsp;
&nbsp;ASM Cookie Hijacking 
&nbsp;Expired timestamp 
&nbsp;Modified ASM cookie 
&nbsp;Modified domain cookie(s) &nbsp;&nbsp;&nbsp;
&nbsp;2) Besides CSRT token i injection (for CSRF protection) and java script injection (for Web Scrapping ) are there any other injections/manipulations  happening in the traffic or URI/URLs? If so what are they ?&nbsp;
&nbsp;regards
&nbsp;Nik

attack_signatur · Answer

The ASM will always inject the TS* cookie, even in transparent.   This allows the ASM to track information about individual clients such as their IP address.  When a TS* cookie becomes associated with another client from a different IP address then it will suspect a cookie hijacking has taken place.&nbsp;
I have only seen the ASM inject CSRF tokens (when CSRF was turned on) and Web Scraping JavaScript.  I have never seen any other manipulations.&nbsp;

Forum Discussion

ASM Injections

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

WordPress Content Injection Vulnerability - ASM Mitigation

Serverside SNI injection iRule

Mitigating OWASP API Security Risk: Injection flaws using F5 XC Platform

Automation of OWASP Injection mitigation using F5 Distributed Cloud Platform