Web applications attacks/Predictable sessions
Jump to navigation Jump to search
- WebGoat, hijack a session lesson will show you how to hijack a predictable session by brute-forcing it.
- WebGoat, Spoof an authentication cookie is another example of a predictable session due to a weak encryption mechanism.
- WebGoat, Session Fixation lesson will show how hackers can steal user's data by forcing them to connect on a *prepared* session.
- Crowbar is a brute-forcer that enables to crack predictable sessions.
- Burp Sequencer analyzes the distributions of session IDs to determine the randomness.
- WebScarab has a tool, SessionID Analysis, that enables to determine the randomness of generated session IDs.