Session hijacking and replay attacks are two common threats to web applications that rely on session management to authenticate and authorize users.

A Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed through a session token. Because HTTP communication uses many different TCP connections, the web server needs a method to recognize the connections of every user. The most common method uses a token that the web server sends to the client browser after a successful client authentication. A session token is normally a string of variable width, and it can be carried in different ways: in the URL, in the header of the HTTP request as a cookie, in other parts of the HTTP request header, or in the body of the HTTP request.

The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the web server. It exploits weaknesses in how the target web server generates, transmits or protects that token rather than a flaw in the user's credentials. Attackers have many tricks for hijacking or stealing users' session IDs; the most common are client-side attacks (XSS, malicious JavaScript code, Trojans, etc.) and man-in-the-middle attacks.

Cross-Site Scripting (XSS)

Cross-site scripting is the most common way to hijack a user's session. Script injected into a page the victim views runs in the victim's browser, where it can read the session cookie (unless the cookie is marked HttpOnly) and send it to the attacker.
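The following is an added example, not code from the original post, showing the server side of what the text describes: a predictable token scheme beside a CSPRNG-based one, a session store that hashes tokens at rest, enforces an idle timeout and rotates the token after authentication, and a Set-Cookie header whose HttpOnly, Secure and SameSite attributes keep the token away from injected script and from a man-in-the-middle on plain HTTP. The cookie name SESSIONID, the 15-minute timeout and the "sess-NNNNNNNN" weak format are assumptions chosen for illustration.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

SESSION_COOKIE = "SESSIONID"   # cookie name assumed for this example
SESSION_TTL = 15 * 60          # idle timeout in seconds, assumed value


def predictable_token(counter):
    """Weak scheme (assumed format): sequential IDs. One observed token reveals its neighbours."""
    return f"sess-{counter:08d}"


def guess_next_token(observed):
    """What an attacker does with a predictable token: derive the next valid one."""
    n = int(observed.rsplit("-", 1)[1])
    return predictable_token(n + 1)


def random_token():
    """Strong scheme: 256 bits from the OS CSPRNG, URL-safe so it fits any carrier."""
    return secrets.token_urlsafe(32)


def _key(token):
    # Store only a hash: a leaked session table does not hand out usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class SessionStore:
    def __init__(self, ttl=SESSION_TTL):
        self.ttl = ttl
        self._sessions = {}   # sha256(token) -> {"user": ..., "expires": ...}

    def create(self, user, now=None):
        now = time.time() if now is None else now
        token = random_token()
        self._sessions[_key(token)] = {"user": user, "expires": now + self.ttl}
        return token

    def lookup(self, token, now=None):
        """Return the user for a valid token, or None if the token is unknown or expired."""
        now = time.time() if now is None else now
        entry = self._sessions.get(_key(token))
        if entry is None:
            return None
        if now >= entry["expires"]:
            self._sessions.pop(_key(token), None)
            return None
        entry["expires"] = now + self.ttl   # sliding idle timeout
        return entry["user"]

    def rotate(self, token, now=None):
        """Issue a fresh token and retire the old one (after login or a privilege change),
        so a token captured before authentication cannot be replayed afterwards."""
        user = self.lookup(token, now)
        if user is None:
            return None
        self.destroy(token)
        return self.create(user, now)

    def destroy(self, token):
        return self._sessions.pop(_key(token), None) is not None


def set_cookie_header(token, ttl=SESSION_TTL):
    """Build the Set-Cookie value that carries the token to the browser."""
    c = SimpleCookie()
    c[SESSION_COOKIE] = token
    m = c[SESSION_COOKIE]
    m["httponly"] = True      # document.cookie, and therefore XSS, cannot read it
    m["secure"] = True        # never sent over plain HTTP, so a wire MITM never sees it
    m["samesite"] = "Strict"  # not attached to cross-site requests
    m["path"] = "/"
    m["max-age"] = ttl
    return m.OutputString()


def readable_by_script(set_cookie_value):
    """Would an injected script's document.cookie expose this cookie? True unless HttpOnly is set."""
    attrs = [a.strip().lower() for a in set_cookie_value.split(";")[1:]]
    return "httponly" not in attrs


if __name__ == "__main__":
    store = SessionStore()
    pre_login = store.create("anonymous")
    post_login = store.rotate(pre_login)
    print("rotated:", post_login != pre_login, "old token still valid:", store.lookup(pre_login))
    hdr = set_cookie_header(post_login)
    print(hdr)
    print("exposed to XSS:", readable_by_script(hdr))
    print("attacker guess from", predictable_token(41), "->", guess_next_token(predictable_token(41)))
```

Storing only the SHA-256 of the token means a dumped session table or a log line cannot be replayed against the server, and the dictionary lookup on the hash also avoids comparing raw secrets. Note that HttpOnly stops the cookie being read, not used: script running in the victim's origin can still make authenticated requests, which is why rotation, short idle timeouts and SameSite matter alongside it.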