Collaborate Disseminate
I was testing a web application where cookies (session ID, session values) are the same for all times. Even after successful authentication takes place it remains unchanged. The session ID travels in the form of a HTTP cookie… Continue reading Testing Session Fixation when cookie is unchanged
I was testing a web application where cookies (session ID, session values) are the same for all times. Even after successful authentication takes place it remains unchanged. The session ID travels in the form of a HTTP cookie… Continue reading Testing Session Fixation when cookie is unchanged
How an attacker can De-Synchronise a connection in a session hijacking attack? What are the steps needs to follow and what are the tools can be used ?
Continue reading De-Synchronising the connection in a Session Hijacking attack. [on hold]
There’s a website I visit and I can’t understand fully the login process and session hash it creates and uses to keep track of logins and such.
Would someone help me understand what goes on in server and what happens to session IDs and log… Continue reading Session hashes – how it works?
I was reading this question about Session ID Hijacking
and it gave a lot of answers about stealing Session IDs. I have been thinking about this for awhile, but is there a benefit to using Session IDs over re-logging in with… Continue reading Is there any benefit to keep sending UN/PW to the server over Session ID ( i.e., Stateless vs Stateful)
I was reading this question about Session ID Hijacking
and it gave a lot of answers about stealing Session IDs. I have been thinking about this for awhile, but is there a benefit to using Session IDs over re-logging in with a UN/PW combo… Continue reading Is there any benefit to keep sending UN/PW to the server over Session ID ( i.e., Stateless vs Stateful)
I was reading this question about Session ID Hijacking
and it gave a lot of answers about stealing Session IDs. I have been thinking about this for awhile, but is there a benefit to using Session IDs over re-logging in with… Continue reading Is there any benefit to keep sending UN/PW to the server over Session ID ( i.e., Stateless vs Stateful)
I have been doing some reading over the past few days on Session IDs and the methods taken to prevent people from intercepting them and using them to hijack a session.
From what I have read, when sending the Session ID in a cookie to the… Continue reading How to protect the Session ID?
I wrote the log In/log Out scripts of my web page and when the user logs in I store in the $_SESSION variable the user agent. Now each time a page is loaded I check if the user is logged in or not and if it is logged in I che… Continue reading prevent session hijacking in PHP
In the process of developing a vulnerable jsp/servlet based application I made an attempt to introduce the session fixation vulnerability.
Referring to the documentation I came up with the following code which when used in the servlet to… Continue reading Session fixation in Java