Web applications attacks/Predictable sessions

From aldeid

Description

Examples

Protection

Tools

  • Crowbar is a brute-forcer that can be used to crack predictable sessions.
  • Burp Sequencer analyzes the distribution of session IDs to determine their randomness.
  • WebScarab has a tool, SessionID Analysis, that determines the randomness of generated session IDs.
