Search the Community
Showing results for tags 'session hijacking'.
I am interested in what some of you use during your pen-tests to hijack sessions and steal cookies. this is a subject that I am a bit of a novice at. What I like to do is filter traffic in wireshark using the http.cookie option and using firecookie to edit the session. I have found this to not work all the time. as I said, I am also a beginner at session hijacking attacks and mitigation. are there better options? what is your favorite session hijacking platform/methods?
I just wanted to share a tool I've found called sessionlist. Its a sniffer that keeps track of all HTTP sessions sniffed over the wire! There is a video showing how it works as well as a download on github! Check it out! Video: http://tinyurl.com/c9amzxj Source: http://tinyurl.com/6q33ojd Enjoy!