I posted about XSS previously. XSS is commonly used by malicious parties to steal session cookies in order to hijack a victim's active session and impersonate them.
For session cookie hijacking to be successful, the victim must already be logged into the application. Next, the victim must be tricked into clicking on a link that invokes the JavaScript that compromises their cookie. In my video, I first display the session cookie in a JavaScript pop-up by exploiting the lack of input validation on the third party's webserver. I then set up a webserver on my local machine and trigger another piece of JavaScript that requests a resource that doesn't exist on my webserver. As a result, the session cookie is recorded in my webserver log.
The high res version of this demo can be downloaded here.
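The two server-side gaps the demo depends on, shown beside their fixes. This is an added example and not code from the original post: the function names, the `SESSIONID` cookie name and the sample values are constructed for illustration, and the `HttpOnly` flag is a standard mitigation the post itself does not mention.

```python
import html
from http.cookies import SimpleCookie


def render_search_vulnerable(term):
    # Reflects user input verbatim into the page: the missing input
    # validation/output encoding that lets injected script run.
    return f"<p>Results for {term}</p>"


def render_search_hardened(term):
    # HTML-encode the reflected value so markup in it is shown as text.
    return f"<p>Results for {html.escape(term, quote=True)}</p>"


def session_cookie_header(session_id):
    # Build a Set-Cookie value for a hypothetical SESSIONID cookie.
    cookie = SimpleCookie()
    cookie["SESSIONID"] = session_id
    morsel = cookie["SESSIONID"]
    morsel["httponly"] = True   # document.cookie can no longer read it
    morsel["secure"] = True     # only sent over HTTPS
    morsel["samesite"] = "Lax"  # not attached to most cross-site requests
    morsel["path"] = "/"
    return morsel.OutputString()


def missing_cookie_flags(set_cookie_value):
    # Audit helper: report which protective flags a Set-Cookie value lacks.
    attrs = {
        part.strip().split("=", 1)[0].lower()
        for part in set_cookie_value.split(";")[1:]
    }
    return [flag for flag in ("httponly", "secure") if flag not in attrs]


if __name__ == "__main__":
    # Constructed test input matching the pop-up step described in the post.
    sample = "<script>alert(document.cookie)</script>"
    print(render_search_vulnerable(sample))
    print(render_search_hardened(sample))
    print(session_cookie_header("abc123"))
    print(missing_cookie_flags("SESSIONID=abc123; Path=/"))
```

Output encoding removes the injection point; `HttpOnly` limits the damage if another injection point is missed, since script on the page can no longer read the session cookie.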