...

View Full Version : Session hijacking



deva.vvel
07-12-2007, 06:11 AM
Hi,

Can anyone help me what does session hijacking means, and how to use it..

thanks,
deva

Fumigator
07-12-2007, 07:20 AM
Every session has an encrypted session ID stored in the cookie or in the URL if cookies can't be used. If that session ID is stolen, for example from the URL, someone can potentially use it to send requests to your script and pose as the person who originally started the session.

So if Secretary Rice logged into the NSA's satellite positioning website using a session, and Habib was able to steal that session ID and use it while sending requests to the website using his own browser, the website would think it was Condalisa and would allow Habib to reposition all of the free world's satellites, thereby interrupting communication and plunging the free world into anarchy and chaos. Airplanes falling from the sky, the earth opening up and swallowing entire cities, mountains becoming valleys and valleys becoming mountains, floods famines, locusts, frogs, etc.etc.etc.

But you're just asking for educational purposes, right? You're not going to destroy the free world with your knowledge, are you?

birdbrain24
07-12-2007, 06:29 PM
LoL I Would Like To Know How To Do This To Access Other Peoples Accounts On A Game! Where Could I Learn To Do This?

rafiki
07-13-2007, 01:45 AM
LoL I Would Like To Know How To Do This To Access Other Peoples Accounts On A Game! Where Could I Learn To Do This?
Wow you really do live up to your name, nobody here is going to help you hack somebodys account on anything, maybe you should just get banned!!

matak
07-13-2007, 03:39 AM
Every session has an encrypted session ID stored in the cookie or in the URL if cookies can't be used. If that session ID is stolen, for example from the URL, someone can potentially use it to send requests to your script and pose as the person who originally started the session.

So if Secretary Rice logged into the NSA's satellite positioning website using a session, and Habib was able to steal that session ID and use it while sending requests to the website using his own browser, the website would think it was Condalisa and would allow Habib to reposition all of the free world's satellites, thereby interrupting communication and plunging the free world into anarchy and chaos. Airplanes falling from the sky, the earth opening up and swallowing entire cities, mountains becoming valleys and valleys becoming mountains, floods famines, locusts, frogs, etc.etc.etc.

But you're just asking for educational purposes, right? You're not going to destroy the free world with your knowledge, are you?

i've noticed you guys here don't even like to talk about sessions itself, and not to mention about session hijacking. i don't get it, in order to do that you need to know A LOT about a LOT of stuffz, so no need to be paranoid instantly :rolleyes:

deva.vvel
07-13-2007, 05:59 AM
Hi Fumigator.. you do not need to panic.. i just liked to gather information, and it was only for education purpose.. though your comments helped me to gain a brief knowledge about the subject..



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum