i need information about Session Hijacking
how prodect my site from that
thanks in advance your help
red fox
Session Hijacking
Moderators: egami, macek, gesf
If you have a MySQL based session handler than a problem whould be the SQL injection 
Sincerely,
Gonçalo "gesf" Fontoura
Gonçalo "gesf" Fontoura
-
roejim
It really is interesting if you could get the login cookie of a certain user by sniffing of data over the network.
I suggest that you take a look at wireshark which is a tool that lets you take note of network activity and with that you are given the ability to trace login and logout processes.
You just have to find the proper beans and you are good to go. You can just save the session cookie and use it just like you entered on your own. A lot of similar hijacking are done on simpler sites like Facebook.
I suggest that you take a look at wireshark which is a tool that lets you take note of network activity and with that you are given the ability to trace login and logout processes.
You just have to find the proper beans and you are good to go. You can just save the session cookie and use it just like you entered on your own. A lot of similar hijacking are done on simpler sites like Facebook.
