Questions tagged [session-replay]

9 questions
6
votes
1 answer

Session Replay vs Session Fixation vs Session Hijacking

Can anyone give a clear difference between session fixation, session replay and session hijacking attacks? I have read many articles, but the matter is still unclear between session hijacking and session replay attacks.
2
votes
1 answer

Next.js, Styled-components and Yandex Metrica Session Replay

I'm working in a project using Next.js and styled-components. In my file [slug].tsx: export default function ProductDetails({ product }: IProductDetailsProps) { const router = useRouter(); if (router.isFallback) { return ( …
1
vote
1 answer

Record Firefox Web Browser session from my Mozilla addon

I am developing a Mozilla addon and now I have to record the browser session for a specific time as a video and send it to the server. The recording of the web session will be triggered and stopped from my addon. How would I record the web session?…
1
vote
0 answers

How to prevent a session replay attack with Rails and Devise?

I am working on a Rails app that recently went through a security audit, and one of the issues they came up with is that if the user gets the "session_id" from another user's cookie, he is able to log in as that user. Is it possible to prevent this?…
Karthik T
0
votes
1 answer

How to implement session recording similar to Hotjar, but for mobile apps

For web apps you would simply use MutationObserver to log all DOM changes and then replay them. What are the options for mobile apps?
Bart Blast
0
votes
0 answers

HMAC TimeStamping Tweak

I have reviewed a lot of information regarding the HMAC approach to securing a RESTful Web API. To prevent a replay attack, the usual recommendation is to use a TimeStamp with a constraint. But it seems to me that a more straightforward (and…
prmph
0
votes
1 answer

How can I retrieve HTTP responses from recorded log without receiving actual response from the server?

I think this is how it should work: I record the HTTP activity while browsing my website online. Then, when running my website's HTML offline, no network activity is made. And when a request is made, a response is retrieved from the recorded log. I…
Omar
0
votes
1 answer

Fiddler to replay HTTPS requests

Can an HTTPS request be replayed using Fiddler/TamperData, probably due to poor handling of the login process? Once I log out of my system (https), I am able to log back in using replay. Simon Buchan has already mentioned that HTTPS cannot be replayed. Ref:…
linoox
-3
votes
2 answers

Fiddler to request HTTP requests with timing respected

Can HTTP requests be replayed using Fiddler with captured session timing respected? I tried to replay a session with Fiddler but the replay sends requests at the maximum speed, ignoring the time of capture. I tried to add this to onBeforeRequest()…
Lucar