| How to hide Codeigniter from Wappalyzer firefox plugin? |
[eluser]term25[/eluser]
I need this basically for security reasons. When somebody has installed this plugin: https://addons.mozilla.org/de/firefox/addon/wappalyzer/ he sees all the frameworks and javascript libraries among other things. I have made a screehot of my app based on CI in Firefox here: http://i47.tinypic.com/dh8fww.png I am sure some of you are using this great plugin already. So my question is which files should I modify so this plugin can not detect CodeIgniter framework. I guess it analyzes some header information and some file structure or something like that. I appreciate any advice. Thanks in advance.
[eluser]TWP Marketing[/eluser]
I don't know if this will help, I've not tried it myself. The wiki has on article: http://codeigniter.com/wiki/Moving_your_...of_DOCROOT
[eluser]Abel A.[/eluser]
This app can't detect my CI. Things I did: change cookie name, moved app and system folder Hope that helps.
[eluser]term25[/eluser]
[quote author="berkguy" date="1338585730"]This app can't detect my CI. Things I did: change cookie name, moved app and system folder Hope that helps.[/quote] It is enough to do it this way?: http://codeigniter.com/wiki/Moving_your_...of_DOCROOT What about the cookies, how exactly should I change them. Do I need to edit cookies helper? Which file exactly did you edit, if I may ask you? Thanks.
[eluser]term25[/eluser]
It is enough to do it this way?: http://codeigniter.com/wiki/Moving_your_...of_DOCROOT What about the cookies, how exactly should I change them. Do I need to edit cookies helper? Which file exactly did you edit, if I may ask you? Thanks. Should I change cookie_helper.php (code attached bellow) in system/helpers folder? What should I change there? As far as I know the php coments are not present in browser at all, so what other things should I edit in this file I do not know  .Code: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
[eluser]CroNiX[/eluser]
No, you set the cookie name in your config, like the session cookie name whose default name is "ci_session". Why would you need to rework the cookie helper? You set those cookie names when you create the individual cookies, and they won't be the default CI names (since you make them yourself) so noone will know it was a "CI" cookie. Also, they are just looking for the common directory names to see if they get a denied message, and if they do its most likely codeigniter (or other base install of another cms/framework/whatever, like looking for "wp-admin" on a wordpress site), like "system" and "application". Moving them works, but so does renaming them to something other than their default values.
[eluser]term25[/eluser]
[quote author="CroNiX" date="1338659684"]No, you set the cookie name in your config, like the session cookie name whose default name is "ci_session". Why would you need to rework the cookie helper? You set those cookie names when you create the individual cookies, and they won't be the default CI names (since you make them yourself) so noone will know it was a "CI" cookie. Also, they are just looking for the common directory names to see if they get a denied message, and if they do its most likely codeigniter (or other base install of another cms/framework/whatever, like looking for "wp-admin" on a wordpress site), like "system" and "application". Moving them works, but so does renaming them to something other than their default values. [/quote] SOLVED  All you need to do is change ci_session in config.php to e.g. mysuperapp_session and wappalyzer can not detect it anymore. Moving folder or renaming them is not necessary, however it helps with security etc. But do not remember to clear browser session or uninstall and install wappalyzer to see the changes in effect. |
| Welcome Guest, Not a member yet? Register Sign In |
