From the course: Ethical Hacking: Session Hijacking
Understanding web sessions
- [Instructor] HTTP is a stateless protocol, so there's no retention of any information between webpages. However, there's often a need for managing information across a web session consisting of multiple interactions. Consequently, web developers will code their systems to uniquely track a web user through the use of unique session IDs issued by the server. Each browser request sent to the web server will then include the session ID. Session IDs will often be used as a way to uniquely identify an authenticated user, and potentially enable access to sensitive information. A typical way for a web developer to store session IDs is to use the PHP session array, and then the session ID can be passed in one of two ways, embedded in the URL or through the use of cookies. We can also create our own variables and store them in the session array as required. I've created a webpage for Apache which uses sessions. So let's have a look at how we'd get a session ID and use the session array. We can…
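The following PHP page is an added example, not the instructor's page or code from the course. It shows a session ID being issued, a custom variable stored in the session array, and the standard PHP settings that restrict the ID to a cookie rather than the URL. The `visits` and `user` keys and the `login` form field are assumptions made for illustration.

```php
<?php
// Added example; key names and the login field are hypothetical.

// Accept the session ID only from a cookie, never from the URL.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Refuse session IDs that this server did not issue.
ini_set('session.use_strict_mode', '1');

// Cookie attributes (the array form requires PHP 7.3 or later).
session_set_cookie_params([
    'lifetime' => 0,       // discarded when the browser closes
    'path'     => '/',
    'secure'   => true,    // sent over HTTPS only; over plain HTTP the
                           // browser will not return it, so no state persists
    'httponly' => true,    // not readable from page JavaScript
    'samesite' => 'Lax',
]);

// Issues a new session ID, or resumes the one named in the cookie.
session_start();

// A variable of our own stored in the session array.
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;

// Hypothetical login step: a real page verifies credentials first.
if (isset($_POST['login']) && empty($_SESSION['user'])) {
    // Replace the ID when the session becomes authenticated, so an ID
    // seen before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = 'demo';   // constructed value
}

header('Content-Type: text/plain');
echo 'Session cookie name: ', session_name(), "\n";
echo 'Session ID length:   ', strlen(session_id()), "\n";
echo 'Visits this session: ', $_SESSION['visits'], "\n";
echo 'Logged in as:        ', $_SESSION['user'] ?? '(nobody)', "\n";
```

Reloading the page over HTTPS increments the visit counter, which shows the server recognising the same session from the cookie alone.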
Contents
- Understanding web sessions (4m 8s)
- Understanding WebSockets (2m 41s)
- Banking on Zero (1m 10s)
- Hijacking sessions using man-in-the-browser (4m 32s)
- Intercepting sessions through man-in-the-middle (4m 17s)
- Stripping SSL to downgrade the session (1m 54s)
- Hijacking an HTTP session through cookies (3m 20s)
- Using Subterfuge to hijack sessions through ARP poisoning (7m 8s)
- Using Webscarab-NG as a web proxy (3m 14s)
- Defeating the Hijack (3m 6s)