Stack Overflow
Stack Overflow

Questions tagged [session-hijacking]

Session hijacking is a type of network security attack that relies on "guessing" the ISNs of TCP packets and taking control over communication. The attacker intercepts and retransmits messages such as the communication is still on. The attack is performed using a program which appears as a service to the client and as a client to the server.

118 questions
0
votes
0 answers

Session hijacking using desktop application

Is it possible to create a windows application that can read the session cookies of a specific browser tab or of a specific domain, and use that for for example session hijacking by sending the cookie to a malicious user who enters it in his…
Jihad Haddad
  • 510
  • 5
  • 15
0
votes
1 answer

How to secure pass and set session id?

I'm using uploadify and the script (which uses adobe flash) creates a new session instead of using the current one when requesting the upload action url. To fix that I need to pass ahead the session id. Is there a way to do this without permit…
Keyne Viana
  • 6,094
  • 2
  • 21
  • 53
0
votes
2 answers

Objective-C - How to prevent session id reusing when app terminated?

My main question is how to detect the application termination by the end user when it was in the background (Suspended) to be able to send logout request to the server ? We already have a timeout interval in the server to kill the session, but…
Mohamed Amer
  • 119
  • 1
  • 1
  • 11
0
votes
2 answers

TheRubyRacer error while installing Beef in Windows 10 - 64 bit

I am trying to install Beef in a WIndows 10 - 64 bit PC. I followed the instructions provided in the following link: https://github.com/beefproject/beef/blob/master/INSTALL.txt But I keep getting this error: An error occurred while installing…
Neel
  • 449
  • 5
  • 18
0
votes
2 answers

Hijacking NSIS's download file on Windows

There's a file that I know it's packed with NSIS,and the logic of download file and then Exec highly possible using the NSIS functions like ExecWait in NSIS, The Problem is : I'm try to replace the file that NSIS downloaded from web so I could do…
d0ye
  • 1,390
  • 1
  • 11
  • 25
0
votes
1 answer

How secure are php session variables

I have in my Website an admin panel from which I can login to manage my website, and for the login authentication, I'm using a code that checks whether the username and the password exists in the dB, and if yes, I set a variable to true like…
Kadir Damene
  • 102
  • 1
  • 1
  • 8
0
votes
0 answers

login through the session or cookies created in virtual server

As we know when we login to a system, they creates some type of sessions or cookies to keep track which user is logged in and further processing is based on sessionid or cookies. Is it possible to get the session or cookies from virtual server and…
mukeshsalaria01
  • 13
  • 3
0
votes
0 answers

Prevent accidental session hijacking using JavaScript

Okay, this may sound like a stupid question, but this actually is a real life situation I gotta sort out. The company I work for is using a rather outdated online shop software (PHP) which is hosted on the companys server. Unfortunately, the source…
Chris
  • 1
0
votes
3 answers

Prevent PHP sesison hijack, are these good ideas?

I'm doing a simple shopping cart for a small site. I plan to store cart items as well as logged in user_id in session variables. to make things a little more secure, I thought I'd do this: sha1() the user_id before storing it in the session. Also…
matthew
  • 1
0
votes
3 answers

Avoiding session hijacking with Kohana

Do I have to do anything special to avoid session hijacking using Kohana framework? I'm assuming the session is manipulated only with the Kohana Session library
mmutilva
  • 17,450
  • 21
  • 57
  • 80
0
votes
1 answer

Session hijacking in Java Spring

I have a question regarding hijacking session variables. Let us suppose we have a web app supported by Spring Security and I have landed on a page with a bunch of session variables stored on the server side. Now, session variables normally are not…
user1836155
  • 818
  • 12
  • 26
0
votes
1 answer

How to prevent asp.net application from session hijacking?

I have read an article about session hijacking. please tell me asp.net session is how much secure. can people also do session hijacking with asp.net session. and also tell me how can i prevent my application from session hijacking. if you have any…
Dr. Rajesh Rolen
  • 13,143
  • 39
  • 98
  • 173
0
votes
1 answer

Session Cookie Hijack

ASP.Net Stores a session in a cookie. My concern: Can any other user of the same client computer, access that cookie and steal my session? And why? I think this question is valid for PHP, Java and all the Web Techonologies that use a session...
Miguel Domingos
  • 345
  • 1
  • 3
  • 17
0
votes
1 answer

Securing Login Form using IP Address

I have a user's table and it contains the ff. uid username password ip Here is the scene: If UserA was successfully logged in, the IP row will insert an IP so that if someone attempt to log in or attack, it will check first if IP exist(meaning:…
Jake Pucan
  • 598
  • 7
  • 11
0
votes
1 answer

Viewing XS Cookie on Facebook

I am able to view cookies using javascript:alert(document.cookie) But the problem is that not all cookies show up. Is there any way to read specific cookies, for instance the XS cookie using Javascript? It should have the same concept of working as…
user2736783
  • 1
  • 2
1 2 3 4 5 6
7
8