10.6 Penetration Testing

Session Hijacking Pen Testing

  • Sniff session traffic between two machines using tools such as Wireshark, Capsa Network Analyzer, Windump, etc.
  • Use proxy server trojans which changes the proxy settings in the victim's browser.
  • Use automated tools such as OWASP Zed Attack Proxy, Burp suite, JHijack, etc. to hijack sessions.
  • Crack the session ID if it is URL encoded, HTML encoded, Unicode encoded, Base64 encoded, or Hex Encoded.
  • Brute force session IDs with possible range of values for the session ID limited, until the correct session ID is found.

results matching ""

    No results matching ""