Breaking The sessions
When we deal with sessions:
set a cookie = dXNlcj1leHBsb2l0O2VtYWlsPXNlY0Bkb21haW4uY29tO2lwPTEuMS4xLjE7
2. Session= dXNlcj1leHBsb2l0O2VtYWlsPXNlY0Bkb21haW4uY29tO2lwPTEuMS4xLjE7
So I think that now you know how a “session” works.
If someone compromises the session, he/she can use it to log in as the user without any password.
How a hacker can break sessions:
There are some ways to break sessions. Developers often make mistakes when managing sessions. Most vulnerabilities are:
1. Time based.
Just for understanding, I am explaining the “meaningful session” vulnerability.
The URL address looks really suspicious. It uses a base64 value as the session ID. So if we decode the base64 value, we get:
We see some juicy information, but not the password. Still, we can use this session to attack other accounts. How?
ip: 22.214.171.124 (Lol This fool clicked on a link)
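As an added example (not code from the original post), this Python sketch checks whether a session value decodes to readable fields, as the one on this page does, and contrasts it with a server-side store that hands out random IDs carrying no data. `decode_meaningful` and `SessionStore` are hypothetical names chosen for the illustration.

```python
import base64
import binascii
import secrets

# Session value taken from the page above.
PAGE_SESSION = "dXNlcj1leHBsb2l0O2VtYWlsPXNlY0Bkb21haW4uY29tO2lwPTEuMS4xLjE7"


def decode_meaningful(token):
    """Return the fields if the token is base64 of readable 'key=value;'
    text, otherwise None (the token is opaque to the client)."""
    try:
        padded = token + "=" * (-len(token) % 4)
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    if not text.isprintable():
        return None
    pairs = [p.split("=", 1) for p in text.split(";") if p]
    if not pairs or any(len(p) != 2 or not p[0] for p in pairs):
        return None
    return dict(pairs)


class SessionStore:
    """Hypothetical server-side store: the cookie is only a random lookup key."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, email, ip):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": user, "email": email, "ip": ip}
        return sid

    def lookup(self, sid):
        # IDs the server never issued map to no session at all.
        return self._sessions.get(sid)


if __name__ == "__main__":
    print(decode_meaningful(PAGE_SESSION))  # readable fields: a finding
    store = SessionStore()
    sid = store.create("exploit", "sec@domain.com", "1.1.1.1")
    print(decode_meaningful(sid), store.lookup(sid))
```

A session value for which `decode_meaningful` returns fields is worth flagging in a code review or test, because the client can read and rebuild it; the random ID only means something to the server that issued it.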
Hope you understand something about attacking the session…
If you find any mistakes/errors, please feel free to contact me (I love to fix myself).
Good Luck guys!!!