The solution outlined below is believed to be obsolete and ineffective, but is retained for historical interest. Phorm have changed their method of operation to hijack image requests. You should encrypt your web communications using SSL.

Cookie Tripwire; Detect Phorm Cookie Stripping

This solution, contributed by Tarka, is a variation on Cookie Rewriting. It uses a combination of client-side and server-side code to detect Phorm.

The server-side code deliberately sets a 'Webwise' cookie (assuming Phorm will attempt to hide their phorged cookie by stripping it from server requests).

The client side executes a JavaScript file which creates a list of the cookies visible to the client.

When a subsequent request reaches the server, the list of cookies visible to the client is compared with a list of cookies visible to the server.

Any differences between the two will trigger an immediate redirection.
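The comparison described above, sketched as an added example (this is not the code from the Cookie Tripwire archive). The function names, the HttpOnly exclusion list and the sample cookie strings are assumptions made for illustration; how the client's list reaches the server is left out, since the page does not describe it.

```javascript
// Added illustration, not the original tripwire.js or its server-side partner.
const TRIPWIRE = "webwise-uid"; // cookie name published on this page

// Extract the set of cookie names from a "name=value; name2=value2" string.
// Both document.cookie and the HTTP Cookie request header use this layout.
function cookieNames(cookieString) {
  const names = new Set();
  for (const pair of String(cookieString || "").split(";")) {
    const trimmed = pair.trim();
    if (trimmed === "") continue;
    const eq = trimmed.indexOf("=");
    names.add(eq === -1 ? trimmed : trimmed.slice(0, eq).trim());
  }
  return names;
}

// Compare the list reported by the browser with the cookies that arrived
// at the server. httpOnly (hypothetical parameter) names cookies set with
// the HttpOnly flag: scripts can never see them, so they are not a mismatch.
function compareCookieViews(clientSeen, serverHeader, httpOnly = []) {
  const client = cookieNames(clientSeen);
  const server = cookieNames(serverHeader);
  const skip = new Set(httpOnly);
  const missingAtServer = [...client].filter((n) => !server.has(n)).sort();
  const missingAtClient = [...server]
    .filter((n) => !client.has(n) && !skip.has(n))
    .sort();
  return {
    missingAtServer, // visible to the browser, removed before the server
    missingAtClient, // visible to the server, never seen by the browser
    tripwireStripped: missingAtServer.includes(TRIPWIRE),
    tripped: missingAtServer.length > 0 || missingAtClient.length > 0,
  };
}

// Constructed sample data: one browser snapshot, two possible request headers.
const clientSeen = "webwise-uid=Dephormation Test Cookie; theme=dark";
const cleanHeader = "webwise-uid=Dephormation Test Cookie; theme=dark; sid=abc123";
const strippedHeader = "theme=dark; sid=abc123";

const clean = compareCookieViews(clientSeen, cleanHeader, ["sid"]);
const stripped = compareCookieViews(clientSeen, strippedHeader, ["sid"]);
console.log(clean.tripped, stripped.tripped, stripped.missingAtServer);
```

When `tripped` is true, the server would issue the redirection described above.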

Updated 15/11/2008 to take account of the published webwise-uid cookie name.


Include the following code in every one of your pages:

   <?php
   // Must run before any page output, because cookies are sent as HTTP headers.
   setcookie("webwise-uid", "Dephormation Test Cookie");
   ?>
   <script language="javascript" src="tripwire.js"></script>
   <p>My Page</p>

Download Cookie Tripwire Code Here

Download Cookie Tripwire Zip Archive.

MD5Sum: f3a2caa32cdd3619b9f97f7003727e02