From: Rajesh Jose (rajesh.jose@paladion.net)
Date: Thu Dec 11 2003 - 04:54:21 EST
Hi,
I didn't get "encrypted session token cookie". Normally nobody will be
encrypting a session token. So far as the session token is strongly
random nothing can be achieved by encrypting it.
Or did you mean secure cookie?
Secure cookie is a cookie which can be fetched by the server only
through a SSL channel.
In all these cases "encrypted, not-encrypted and secured" it is possible
to fetch a cookie through XSS attack and replay the session.
Replaying of session token will not possible if the application is using
source IP for session validation.
Cheers,
Rajesh
-----Original Message-----
From: pire pire [mailto:pirepire69@romandie.com]
Sent: Wednesday, December 10, 2003 1:14 PM
To: pen-test@securityfocus.com
Subject: XSS with encrypted cookie?
Hi,
I'm wondering if it's possible via a XSS attack to steal an
encrypted cookie (actually it's a session token)? (with some
javascript like: document.cookie etc...)
If yes, is it also possible to replay this cookie? (of course the
session must still be valid on the server)
I know it works with regular cookie.
Thanks a lot for your help
_______________________________________________
La messagerie gratuite des romands : 10 MO !!!
Profitez-en ! >>> http://www.romandie.com
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:44 EDT