Re: Session Hijacking over HTTP

From: Rodrigo Montoro (Sp0oKeR) (spooker@gmail.com)
Date: Thu Mar 20 2008 - 21:39:59 EST


If you get the cookie and the user still has the session open, you could use
some tool to modify headers and be happy! =)

You could try these tools that make life easier.

Gmail had an old bug where, after the user logged out, you could still use that
session until 25/30 minutes later... currently it seems to be fixed.
http://erratasec.blogspot.com/2007/08/sidejacking-with-hamster_05.html

Regards,

Rodrigo Montoro (Sp0oKeR)

On Tue, Mar 18, 2008 at 8:21 AM, 11ack3r <11ack3r@gmail.com> wrote:
> Hello Everyone,
>
> I was curious to know how would webmail portals like gmail.com and
> yahoo.com protect their users from session hijacking when they use
> HTTP after authentication.
>
> As I see it, it is trivial to capture traffic over the wire including
> session cookies. In such a case can an attacker just reuse the session
> cookies in his/her browser and compromise the user account?
>
> What is the best way to protect session cookies from hijacking esp.
> due to network eavesdropping? Of course HTTPS can also be bypassed
> with MITM attacks if users ignore browser warnings.
>
> Looking forward to some knowledge here.
>
> Cheers!!
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

-- 
===========================
Rodrigo Montoro (Sp0oKeR)
Security Analyst
SnortCP / RHCE / LPIC-I / MCSO
http://www.spookerlabs.com.br
http://www.linkedin.com/in/spooker
===========================
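A defender-side illustration of the two mitigations this thread circles around: keeping the session cookie off plaintext HTTP, and revoking the session server-side at logout so a cookie captured earlier cannot be replayed afterwards (the Gmail behaviour mentioned above). This is an added example, not code from either poster or from any webmail provider; the SessionStore class, its method names and the SID cookie name are assumptions made for the example.

```python
import secrets
import time
from http.cookies import SimpleCookie


class SessionStore:
    """Minimal server-side session store (hypothetical name, for illustration)."""

    def __init__(self, ttl_seconds=1800):
        self._sessions = {}  # session id -> (user, absolute expiry time)
        self.ttl = ttl_seconds

    def login(self, user, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 bits of CSPRNG output, not guessable
        self._sessions[sid] = (user, now + self.ttl)
        return sid

    def set_cookie_header(self, sid):
        # Secure: browser never sends it over plain HTTP, so a passive sniffer
        # on the wire never sees it. HttpOnly: page scripts cannot read it.
        # SameSite=Lax: not attached to most cross-site requests.
        c = SimpleCookie()
        c["SID"] = sid
        c["SID"]["secure"] = True
        c["SID"]["httponly"] = True
        c["SID"]["samesite"] = "Lax"
        c["SID"]["path"] = "/"
        return c.output(header="").strip()

    def authenticate(self, sid, over_https, now=None):
        now = time.time() if now is None else now
        if not over_https:
            return None  # belt and braces: never honour a session on a plaintext request
        entry = self._sessions.get(sid)
        if entry is None:
            return None  # unknown or already revoked session id
        user, expiry = entry
        if now > expiry:
            del self._sessions[sid]
            return None  # idle timeout: expired sessions are purged, not reused
        return user

    def logout(self, sid):
        # The fix for "still valid after logout": revoke on the server side,
        # not merely clear the cookie in the browser. A replayed copy now fails.
        self._sessions.pop(sid, None)
```

The same store is what a login handler would call on POST /login and a logout handler on POST /logout; the authenticate() check runs on every request that carries the cookie.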


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:28 EDT