Every session has an encrypted session ID stored in the cookie or in the URL if cookies can't be used. If that session ID is stolen, for example from the URL, someone can potentially use it to send requests to your script and pose as the person who originally started the session.
So if Secretary Rice logged into the NSA's satellite positioning website using a session, and Habib was able to steal that session ID and use it while sending requests to the website using his own browser, the website would think it was Condoleezza and would allow Habib to reposition all of the free world's satellites, thereby interrupting communication and plunging the free world into anarchy and chaos. Airplanes falling from the sky, the earth opening up and swallowing entire cities, mountains becoming valleys and valleys becoming mountains, floods, famines, locusts, frogs, etc., etc., etc.
But you're just asking for educational purposes, right? You're not going to destroy the free world with your knowledge, are you?
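A defender's view of the replay described above, as an added example that is not part of the original thread: it scans web access-log lines for a session ID carried in the URL that shows up from more than one client. The log lines, the `sid` parameter name and the addresses are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format); the "sid" URL
# parameter name and all addresses/agents are assumptions for illustration.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:09:00:01 +0000] "GET /account?sid=a1b2c3d4e5f6 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/123.0"
198.51.100.7 - - [10/Mar/2024:09:00:09 +0000] "GET /orders?sid=a1b2c3d4e5f6 HTTP/1.1" 200 734 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/123.0"
203.0.113.44 - - [10/Mar/2024:09:02:30 +0000] "GET /account?sid=a1b2c3d4e5f6 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/122.0"
192.0.2.15 - - [10/Mar/2024:09:03:00 +0000] "GET /account?sid=0f9e8d7c6b5a HTTP/1.1" 200 498 "-" "Mozilla/5.0 (Macintosh) Safari/17.3"
192.0.2.15 - - [10/Mar/2024:09:03:41 +0000] "GET /index HTTP/1.1" 200 120 "-" "Mozilla/5.0 (Macintosh) Safari/17.3"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|POST|HEAD) (?P<url>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
SID_RE = re.compile(r'[?&]sid=([A-Za-z0-9]+)')


def find_shared_sessions(log_text):
    """Return {session_id: [(ip, user_agent), ...]} for IDs seen from >1 client."""
    clients = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        sid = SID_RE.search(m.group("url"))
        if not sid:
            continue  # request carried no session ID in the URL
        fingerprint = (m.group("ip"), m.group("ua"))
        if fingerprint not in clients[sid.group(1)]:
            clients[sid.group(1)].append(fingerprint)
    # Only IDs presented by more than one (IP, User-Agent) pair are suspicious.
    return {s: c for s, c in clients.items() if len(c) > 1}


if __name__ == "__main__":
    for sid, seen in find_shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid} used by {len(seen)} distinct clients:")
        for ip, ua in seen:
            print(f"  {ip}  {ua}")
```

A hit is a lead to investigate rather than proof of hijacking, since a legitimate user can change networks mid-session. Keeping the session ID out of the URL and in a cookie removes the leak this check looks for.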
I've noticed you guys here don't even like to talk about sessions themselves, not to mention session hijacking. I don't get it; in order to do that you need to know A LOT about a LOT of stuffz, so no need to be paranoid instantly.
Hi Fumigator, you do not need to panic. I just wanted to gather information, and it was only for educational purposes. Your comments helped me gain some brief knowledge about the subject, though.