Hide Laravel from Wappalyzer

Laravel, Quick Tip

For the past few years, everyone seems to be using Laravel for almost everything. That is completely understandable, as it provides some great features. The downside of that popularity is that when a security bug is found in the framework, it can easily be exploited across many sites at once. Sites and tools like Wappalyzer collect and sell data about which technologies websites use. If there is a bug in Laravel, it is easy for an attacker to buy a list of Laravel websites from Wappalyzer and run an automated attack against them. For this reason, it is a good idea to hide the fact that you are using Laravel from Wappalyzer. It is relatively easy to do this, but it may affect your existing users.

The source code of Wappalyzer is publicly available, so we can check how Wappalyzer knows that we are using Laravel. Simply open the list and check for Laravel. You will find this line, which basically tells us that Wappalyzer is checking for a cookie named laravel_session.

Luckily for us, this is an easy change. Open the file config/session.php and look for the line that starts with cookie. You will see this has the value laravel_session. Change it to something of your liking. Make sure you comply with the cookie name rules.

There is only one downside to this: the moment you put this in production, everyone will be logged out, as the data in the old cookie is no longer read.
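
To confirm the rename without relying on Wappalyzer, you can inspect the Set-Cookie headers your application returns. The following is an added example, not code from the original post: the sample responses are constructed, app_sid is a hypothetical new cookie name, and "cookie name rules" is assumed to mean the RFC 6265 cookie-name token.

```python
import re

# Assumption: "cookie name rules" means the RFC 6265 cookie-name token
# (visible ASCII, no separators such as space ; = , " / ? @).
TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
DEFAULT_NAME = "laravel_session"  # the cookie name the post says is fingerprinted

# Constructed sample responses (not captured from a real site).
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: laravel_session=eyJpdiI6IkNPTlNUUlVDVEVEIn0; path=/; httponly\r\n"
)
AFTER = BEFORE.replace("laravel_session=", "app_sid=")  # app_sid: hypothetical name


def is_valid_cookie_name(name):
    """True if the whole name is a legal cookie-name token."""
    return TOKEN_RE.fullmatch(name) is not None


def cookie_names(raw_headers):
    """Return the names of all cookies set in a raw response header block."""
    names = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            pair = value.split(";", 1)[0]  # cookie-pair precedes the attributes
            names.append(pair.split("=", 1)[0].strip())
    return names


def audit(raw_headers, expected_name):
    """List problems: bad new name, default still served, new name missing."""
    names = cookie_names(raw_headers)
    findings = []
    if not is_valid_cookie_name(expected_name):
        findings.append(f"invalid cookie name: {expected_name!r}")
    if DEFAULT_NAME in (n.lower() for n in names):
        findings.append(f"default cookie {DEFAULT_NAME!r} is still being set")
    if expected_name not in names:
        findings.append(f"expected cookie {expected_name!r} is not being set")
    return findings


if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(headers, "app_sid") or "ok")
```

In practice, feed audit() the header block of a real response from your own site (for example, saved from curl -sI) in place of the constructed samples.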

Wappalyzer cache

After changing the cookie name, it is possible that Wappalyzer still sees your application as a Laravel application. This is because Wappalyzer caches its results. You can avoid this by appending a fake parameter to the URL:

http://localhost/myroute?param=test
http://localhost/myroute?param=test&tmp=3423

This forces Wappalyzer to check the site again, and it will no longer detect Laravel.

Michiel Gerritsen
About the author

Founder of Control Alt Delete, a Magento agency specialised in testing, CI/CD and checkout integrations. Working with Magento since 2015, and board member of Mage-OS.