🕶️Session Attacks
A common flaw in apps that use session tokens. The main danger is a session token that is too short or that contains static data, which adds no randomness to the token.
Now a bit more complex but as easy to break ->
This seems complex, but let's say we send plenty of requests:
We find the static string 2c0c58b27c71a2ec5bf2b4, followed by four random characters and the static string 92b9f9.
So we can still brute-force it.
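To check for this weakness in tokens your own application issues, the added example below (not part of the original notes) aligns a sample of tokens, finds which positions ever change, and estimates an upper bound on the effective entropy. The sample tokens are constructed from the two static strings above with made-up middle characters; the function names and the 64-bit threshold (the minimum from the OWASP Session Management Cheat Sheet) are choices made for this example.

```python
import math
import secrets
import string

# Constructed sample: the page's two static strings around four varying
# characters (the varying parts are made up for this example).
PREFIX, SUFFIX = "2c0c58b27c71a2ec5bf2b4", "92b9f9"
SAMPLE = [PREFIX + mid + SUFFIX for mid in
          ("a3f1", "09bc", "7de2", "c410", "5b8a", "e96f", "1d07", "f2c5")]

def guess_alphabet(chars):
    """Smallest common alphabet that covers every observed character."""
    for name, alphabet in (("hex", "0123456789abcdef"),
                           ("alnum-lower", string.ascii_lowercase + string.digits),
                           ("alnum", string.ascii_letters + string.digits)):
        if set(chars) <= set(alphabet):
            return name, len(alphabet)
    return "printable", 94

def analyse(tokens):
    """Report static positions and an upper bound on effective entropy."""
    if len({len(t) for t in tokens}) != 1:
        raise ValueError("tokens differ in length; align them first")
    columns = list(zip(*tokens))
    # A position counts as varying only if the sample shows 2+ values there,
    # so a small sample can under-report; collect more tokens when in doubt.
    varying = [i for i, col in enumerate(columns) if len(set(col)) > 1]
    observed = "".join(c for i in varying for c in columns[i])
    name, size = guess_alphabet(observed) if varying else ("none", 1)
    bits = len(varying) * math.log2(size)  # assumes uniform choice per position
    return {"length": len(columns), "varying_positions": varying,
            "alphabet": name, "entropy_bits": bits,
            "meets_64_bits": bits >= 64}

def new_session_id():
    """What the server should issue instead: 128 bits from the OS CSPRNG."""
    return secrets.token_urlsafe(16)

if __name__ == "__main__":
    print(analyse(SAMPLE))
    print("replacement token:", new_session_id())
```

A 32-character token that reports only 16 bits of entropy looks long but is not; the fix is to generate the whole identifier from a CSPRNG, as `new_session_id()` does.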
A more realistic case is a session token that contains encoded data.
This seems very random:
But in fact ->
So we could create our session token with a simple command:
We should also keep an eye out for data in hex-encoding or URL-encoding.
And to craft a session token we could simply use the following:
Obtain administrative access on the target to obtain the flag.