Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/qeeqbox/session-hijacking

A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier

example hijacking infosecsimplified metadata qeeqbox session visualization vulnerability


README

A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier.

## Example #1
1. Threat actor sniffs network traffic and gets a session identifier
2. Threat actor uses the same session identifier to gain unauthorized access to a victim's account

## Impact
Varies

## Risk
- Gain unauthorized access

## Redemption
- Identity confirmation
- Regenerate session ids at authentication
- Timeout and replace old session ids
- Store ids in HTTP cookies
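
The following sketch is an added example, not code from the qeeqbox repository. It shows three of the measures above working together: a new ID at authentication, timeout and replacement of old IDs, and delivery in a cookie. The class name, the timeout values and the cookie name `sid` are assumptions, and identity confirmation (re-authentication) is not covered.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60   # assumed: seconds of inactivity before expiry
ROTATE_AFTER = 5 * 60    # assumed: replace an ID once it is this old

class SessionStore:
    """In-memory store; a real application would use its framework's store."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # session ID -> {"user", "issued", "last_seen"}

    def _issue(self, user):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        now = self._clock()
        self._sessions[sid] = {"user": user, "issued": now, "last_seen": now}
        return sid

    def start(self):
        """Anonymous pre-login session."""
        return self._issue(None)

    def login(self, old_sid, user):
        """Regenerate at authentication: the pre-login ID stops working."""
        self._sessions.pop(old_sid, None)
        return self._issue(user)

    def check(self, sid):
        """Return (user, current_sid), or (None, None) if unknown or expired."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None, None
        now = self._clock()
        if now - rec["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]      # timed out: a stolen copy is useless
            return None, None
        if now - rec["issued"] > ROTATE_AFTER:
            del self._sessions[sid]      # replace the old ID with a fresh one
            return rec["user"], self._issue(rec["user"])
        rec["last_seen"] = now
        return rec["user"], sid

def session_cookie(sid):
    """Set-Cookie value: Secure keeps the ID off plaintext HTTP (the sniffing
    case in Example #1), HttpOnly hides it from page scripts."""
    return f"sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
```

When `check` returns an ID different from the one presented, the response must set the cookie again with the new value.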

## ID
3693c458-c1b8-439f-8f0b-c3620c1c0129

## References
- [wiki](https://en.wikipedia.org/wiki/session_hijacking)