Collaborate Disseminate
I recently read a blog post that mentioned there is a way to highjack a user’s account by stealing their session cookies, and then persisting the logged in state by extending the expiration of the cookie indefinitely. This would also mean … Continue reading How can session-persistence of a web application account lead to re-infection of the browser and OS [closed]
I’m testing a web application and I found information about sessions that the web application used appears in the source code
for example, they write: we use jsession for a user from the browser and route id and something like that
My ques… Continue reading Information from source code
We develop a website in JAMStack, all URLs are static HTML page, and each interaction with the server are made by a fetch call on our REST API (micro-services).
When a user sign in, we want to proposes an option to permit them to stay conn… Continue reading Protection against user session attacks (hijack, replay, tampering, CSRF, XSS…)
I am writing a small app.
It creates a session once the user authenticates. I am aware of this definition of fixation attack from owasp.
Attacker uses the app
In this App, once they log out the sessionID is destroyed. If they are still log… Continue reading A few questions about fixation attack
I wonder what Session Fixation exploit possibilities still exist today in case the website does not change the Session-ID in a cookie after login other than the following:
XSS
MiTM
open redirect vuln
We’ve encountered a customer website … Continue reading Session Fixation PoC
During an engagement, i have been asked by a client to explain (with the use of one
or more examples) whether having an authenticated cookie-session web upload
functionality can be dangerous for the security of their system. how can i make… Continue reading Cookie-based sessions
I am passing the Cookie header of a valid authenticated, high privileged user to the unauthenticated or low privileged user using Autorize (Burp Extension).
So ideally, the Autorize says the requests are bypassed because the Cookie header … Continue reading Passing the session ID of an unauthenticated user to a valid session using Burp
I am testing website security when I came across this:
When I enter the site URL, the user is given a session ID without any user input like:
7F746326038B30F51609423B2086BEBB
Scenario 1: Once I logged into the website by providing the cor… Continue reading Session ID not changed after logging in/ logging out
I understand changing session IDs is important so this doesn’t happen. But nobody tells you HOW this attacker would actually do this? How would they get it … then, more importantly, how would they use it? This would certainly help man… Continue reading They tell me if an attacker gets your session ID, can use it to pose as the legitimate user. Specifically HOW would they do that? [duplicate]
When a client makes the first request, I send a session ID cookie generated by the server as a string of 64 random bytes using getrandom(2) or /dev/urandom, stored in the database, with the flags HttpOnly, Secure and SameSite=Strict set. A… Continue reading Do I still need a CSRF token?