SESSION COOKIES - POLICE AI PLATFORM ================================================================================ Source: forms.ia.policia.gov.co Extracted: January 5, 2026 Method: HTTP header capture via Tor proxy ================================================================================ [1] CAPTURED COOKIES ================================================================================ Cookie: secret=ogPXHONRigakoecq - Purpose: Unknown (possibly CSRF or session secret) - Flags: Secure; HttpOnly; Path=/; SameSite=None Cookie: ds=bxZlKImIvSKbaxwW - Purpose: Unknown (possibly device/session identifier) - Flags: Expires=Mon, 24 Dec 2035; Secure; HttpOnly - Note: Long expiration suggests persistent tracking Cookie: session=f9447787b0f7718f_695c0481.Top27tmOWfgqPlLdK9viW2FbncA - Purpose: Session identifier - Flags: Secure - Format: [hash]_[hash].[signature] ================================================================================ [2] COOKIE SECURITY ANALYSIS ================================================================================ POSITIVE SECURITY: - HttpOnly flag prevents JavaScript access - Secure flag requires HTTPS - SameSite=None with Secure (cross-site allowed but encrypted) CONCERNS: - "ds" cookie expires in 2035 (10 year lifetime) - Session cookie lacks HttpOnly flag - Potential for session replay if not properly validated server-side ================================================================================ [3] SOURCE ENDPOINT ================================================================================ URL: https://forms.ia.policia.gov.co/ Server: nginx Response: 200 OK Set-Cookie headers captured in response ================================================================================ [4] RELATED SUBDOMAINS ================================================================================ All ia.policia.gov.co subdomains may share cookie scope: - app.ia.policia.gov.co - nadia.ia.policia.gov.co - aisearchengine.ia.policia.gov.co - iam.ia.policia.gov.co - catalog.ia.policia.gov.co - maps.analytics.ia.policia.gov.co ================================================================================ [5] INTELLIGENCE VALUE ================================================================================ - Cookie format may indicate backend framework - Session structure suggests custom authentication - Long-lived "ds" cookie useful for tracking/fingerprinting - Potential session hijacking if tokens not rotated ================================================================================ [6] RELATED FILES ================================================================================ Full documentation: KEY FINDINGS/32_POLICE_AI_PLATFORM_OSINT.txt HTML capture: RAW DOWNLOADS/PoliceAI_forms.html ================================================================================