Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Prevent exposing Laravel usage

Tags:

laravel

laravel-4

I use Wappalyzer add-on on chrome and recently it started finding out about the usage of Laravel framework on my projects.

how does it know about this and how can I hide this?

I think it may be because of one of the cookie's name that Laravel sets automatically, but have no idea how can I change it's name.

Cookie Name: laravel_session

EDIT: thanks to David's answer I could change cookie's name but it still tracks Laravel, so it shouldn't be the way Wappalyzer finds out about Laravel.

EDIT2: I've created a new controller and it didn't detect the framework! It seems that Wappalyzer caches the results for each URL!

like image 495
Positivity Avatar asked Jul 21 '14 11:07

Positivity

4 Answers

It's probably the laravel cookie. It has a distinguishing feature in it's name 'laravel_session'. It would certainly explain where it gets the usage stats from. You can change the name of the cookie in app/config/session.php.

Edit

So Wappalyzer uses json to specify what it should be looking for. This is how it identifies Laravel:

"Laravel": {
    "website": "laravel.com",
    "cats": [ 18 ],
    "headers": { "Set-Cookie": "laravel_session" },
    "implies": "PHP"
}

It uses the headers property to identify what's going on. This would imply it does use the cookie name only...

For the complete list of app tracking rules, they're on the GitHub repo.

like image 69
David Barker Avatar answered Nov 14 '22 06:11

David Barker

When requesting the laravel website for the first time with the laravel_session prefix while the detection plugin is running, Laravel website techs are detected and stored, so in the next time even if you've changed the prefix the laravel detected icon will still showup.

Best thing is to not ever activate the plugin while developing on the production server, and make sure to uncheck in plugin options the "send data to the server".

like image 23
adam Avatar answered Nov 14 '22 08:11

adam

In the new laravel 5.2, you can change the cookie session name

By going to the config folder in the root of your laravel project and then session.php, scroll down till line 112 and change this from 'cookie' => 'laravel_session', to w.e you want.

like image 39
Ahmed Soltan Avatar answered Nov 14 '22 06:11

Ahmed Soltan

In laravel 5.7 and 5.8

If you want to hide it from Wapplyzer than you can change it in below way.

Change APP_NAME=Laravel to APP_NAME=Any Name You want in .env file.

like image 5
Akhtar Munir Avatar answered Nov 14 '22 08:11

Akhtar Munir
Sign in to Comment

Related questions

Laravel Sanctum : column not found: 1054 Unknown column 'api_token' in 'where clause'
Laravel 5.0 - Blade Template Errors
Handle TokenMismatchException in laravel 5
Laravel proper permissions
Column not found: 1054 Unknown column '_token' in 'field list' Laravel
How can I use whereHas in the morphTo relation laravel?
How to hide relationship columns in laravel?
Laravel API Routes Not Found
Query builder: passing argument to anonymous function
Check if field exists in Input during validation using Laravel
Laravel migration will not add foreign key
Laravel php tinker command to show tables and structures?
No body data found in Laravel 5.3 with PUT request
How to delete session in Laravel 5.3 without using Request?
Laravel Factory: Manual Increment of Column
Symfony\Component\HttpKernel\Exception\HttpException error when I have post method on route
spatie/laravel-permission There is no permission named `edit_project` for guard `api`
Laravel 4 Auth::attempt using either email or username and password
Laravel : "mcrypt_decrypt(): The IV parameter must be as long as the blocksize"
Unable to resolve NULL driver for [Maatwebsite\Excel\Transactions\TransactionManager]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!