CodeIgniter Forums
How to hide Codeigniter from Wappalyzer firefox plugin? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: How to hide Codeigniter from Wappalyzer firefox plugin? (/showthread.php?tid=52203)

How to hide Codeigniter from Wappalyzer firefox plugin? - El Forum - 06-01-2012

[eluser]term25[/eluser]
I need this basically for security reasons.

When somebody has installed this plugin:
https://addons.mozilla.org/de/firefox/addon/wappalyzer/

he sees all the frameworks and javascript libraries among other things.

I have made a screehot of my app based on CI in Firefox here:
http://i47.tinypic.com/dh8fww.png

I am sure some of you are using this great plugin already.

So my question is which files should I modify so this plugin can not detect CodeIgniter framework.

I guess it analyzes some header information and some file structure or something like that.

I appreciate any advice. Thanks in advance.



How to hide Codeigniter from Wappalyzer firefox plugin? - El Forum - 06-01-2012

[eluser]term25[/eluser]
Any advice?

How to hide Codeigniter from Wappalyzer firefox plugin? - El Forum - 06-01-2012

[eluser]TWP Marketing[/eluser]
I don't know if this will help, I've not tried it myself. The wiki has on article:
http://codeigniter.com/wiki/Moving_your_app_out_of_DOCROOT

How to hide Codeigniter from Wappalyzer firefox plugin? - El Forum - 06-01-2012

[eluser]Abel A.[/eluser]
This app can't detect my CI. Things I did: change cookie name, moved app and system folder

Hope that helps.

How to hide Codeigniter from Wappalyzer firefox plugin? - El Forum - 06-02-2012

[eluser]term25[/eluser]
[quote author="berkguy" date="1338585730"]This app can't detect my CI. Things I did: change cookie name, moved app and system folder

Hope that helps.[/quote]

It is enough to do it this way?:
http://codeigniter.com/wiki/Moving_your_app_out_of_DOCROOT

What about the cookies, how exactly should I change them. Do I need to edit cookies helper? Which file exactly did you edit, if I may ask you? Thanks.

How to hide Codeigniter from Wappalyzer firefox plugin? - El Forum - 06-02-2012

[eluser]term25[/eluser]
It is enough to do it this way?:
http://codeigniter.com/wiki/Moving_your_app_out_of_DOCROOT

What about the cookies, how exactly should I change them. Do I need to edit cookies helper? Which file exactly did you edit, if I may ask you? Thanks.

Should I change cookie_helper.php (code attached bellow) in system/helpers folder? What should I change there? As far as I know the php coments are not present in browser at all, so what other things should I edit in this file I do not know Sad.

Code:
<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
* An open source application development framework for PHP 5.1.6 or newer
*
* @package  CodeIgniter
* @author  ExpressionEngine Dev Team
* @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
* @license  http://ellislab.com/codeigniter/user-guide/license.html
* @link  http://codeigniter.com
* @since  Version 1.0
* @filesource
*/

// ------------------------------------------------------------------------

/**
* CodeIgniter Cookie Helpers
*
* @package  CodeIgniter
* @subpackage Helpers
* @category Helpers
* @author  ExpressionEngine Dev Team
* @link  http://ellislab.com/codeigniter/user-guide/helpers/cookie_helper.html
*/

// ------------------------------------------------------------------------

/**
* Set cookie
*
* Accepts six parameter, or you can submit an associative
* array in the first parameter containing all the values.
*
* @access public
* @param mixed
* @param string the value of the cookie
* @param string the number of seconds until expiration
* @param string the cookie domain.  Usually:  .yourdomain.com
* @param string the cookie path
* @param string the cookie prefix
* @return void
*/
if ( ! function_exists('set_cookie'))
{
function set_cookie($name = '', $value = '', $expire = '', $domain = '', $path = '/', $prefix = '', $secure = FALSE)
{
  // Set the config file options
  $CI =& get_instance();
  $CI->input->set_cookie($name, $value, $expire, $domain, $path, $prefix, $secure);
}
}

// --------------------------------------------------------------------

/**
* Fetch an item from the COOKIE array
*
* @access public
* @param string
* @param bool
* @return mixed
*/
if ( ! function_exists('get_cookie'))
{
function get_cookie($index = '', $xss_clean = FALSE)
{
  $CI =& get_instance();

  $prefix = '';

  if ( ! isset($_COOKIE[$index]) && config_item('cookie_prefix') != '')
  {
   $prefix = config_item('cookie_prefix');
  }

  return $CI->input->cookie($prefix.$index, $xss_clean);
}
}

// --------------------------------------------------------------------

/**
* Delete a COOKIE
*
* @param mixed
* @param string the cookie domain.  Usually:  .yourdomain.com
* @param string the cookie path
* @param string the cookie prefix
* @return void
*/
if ( ! function_exists('delete_cookie'))
{
function delete_cookie($name = '', $domain = '', $path = '/', $prefix = '')
{
  set_cookie($name, '', '', $domain, $path, $prefix);
}
}


/* End of file cookie_helper.php */
/* Location: ./system/helpers/cookie_helper.php */


How to hide Codeigniter from Wappalyzer firefox plugin? - El Forum - 06-02-2012

[eluser]CroNiX[/eluser]
No, you set the cookie name in your config, like the session cookie name whose default name is "ci_session". Why would you need to rework the cookie helper? You set those cookie names when you create the individual cookies, and they won't be the default CI names (since you make them yourself) so noone will know it was a "CI" cookie.

Also, they are just looking for the common directory names to see if they get a denied message, and if they do its most likely codeigniter (or other base install of another cms/framework/whatever, like looking for "wp-admin" on a wordpress site), like "system" and "application". Moving them works, but so does renaming them to something other than their default values.



How to hide Codeigniter from Wappalyzer firefox plugin? - El Forum - 06-02-2012

[eluser]term25[/eluser]
[quote author="CroNiX" date="1338659684"]No, you set the cookie name in your config, like the session cookie name whose default name is "ci_session". Why would you need to rework the cookie helper? You set those cookie names when you create the individual cookies, and they won't be the default CI names (since you make them yourself) so noone will know it was a "CI" cookie.

Also, they are just looking for the common directory names to see if they get a denied message, and if they do its most likely codeigniter (or other base install of another cms/framework/whatever, like looking for "wp-admin" on a wordpress site), like "system" and "application". Moving them works, but so does renaming them to something other than their default values.

[/quote]
SOLVED Wink

All you need to do is change ci_session in config.php to e.g. mysuperapp_session and wappalyzer can not detect it anymore. Moving folder or renaming them is not necessary, however it helps with security etc. But do not remember to clear browser session or uninstall and install wappalyzer to see the changes in effect.