The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws


Chapter 7  ■ Attacking Session Management







most important lesson to draw from this topic is to be patient and determined. Very many session management mechanisms that appear to be robust on first inspection can be found wanting when analyzed closely. Deciphering the method which an application uses to generate its sequence of seemingly random tokens may take time and ingenuity. But given the reward, this is usually an investment well worth making.



Questions

Answers can be found at www.wiley.com/go/webhacker.

1. You log in to an application and the server sets the following cookie:

Set-cookie: sessid=amltMjM6MTI0MToxMTk0ODcwODYz;

An hour later, you log in again and receive the following:

Set-cookie: sessid=amltMjM6MTI0MToxMTk0ODc1MTMy;

What can you deduce about these cookies?

2. An application employs six-character alphanumeric session tokens and five-character alphanumeric passwords. Both are randomly generated according to an unpredictable algorithm. Which of these is likely to be the most worthwhile target for a brute force guessing attack? List all of the different factors that may be relevant to your decision.

3. You log in to an application at the following URL:

https://foo.wahh-app.com/login/home.php

and the server sets the following cookie:

Set-cookie: sessionId=1498172056438227; domain=foo.wahh-app.com; path=/login; HttpOnly;

You then visit a range of other URLs. Which of the following will your browser submit the sessionId cookie to? (Select all that apply.)

(a) https://foo.wahh-app.com/login/myaccount.php

(b) https://bar.wahh-app.com/login

(c) https://staging.foo.wahh-app.com/login/home.php

(d) http://foo.wahh-app.com/login/myaccount.php

(e) http://foo.wahh-app.com/logintest/login.php

(f) https://foo.wahh-app.com/logout

(g) https://wahh-app.com/login/

(h) https://xfoo.wahh-app.com/login/myaccount.php
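The scoping rules that question 3 exercises (Domain, Path and Secure attributes) can be worked through mechanically. The following is an added example, not code from the book: it implements the RFC 6265 domain-match and path-match checks and applies them to the cookie and URLs above; the cookie dictionary and option list are constructed from the question text, and older browsers that prefix-matched paths loosely may differ from the RFC result.

```python
from urllib.parse import urlsplit

# Cookie from the question, constructed from the Set-cookie header above.
COOKIE = {
    "name": "sessionId",
    "domain": "foo.wahh-app.com",  # Domain attribute given: host and its subdomains match
    "path": "/login",
    "secure": False,               # no Secure flag: also sent over plain http
    "httponly": True,              # hides it from script only; irrelevant to submission
}

def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 s5.1.3: host equals the cookie domain or is a subdomain of it."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 s5.1.4: cookie path is a prefix that ends on a '/' boundary."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def cookie_sent_to(url: str, cookie: dict = COOKIE) -> bool:
    """Would a conforming browser attach this cookie to a request for url?"""
    parts = urlsplit(url)
    if cookie["secure"] and parts.scheme != "https":
        return False  # Secure cookies never travel over an insecure channel
    return (domain_matches(parts.hostname or "", cookie["domain"])
            and path_matches(parts.path or "/", cookie["path"]))

OPTIONS = {  # the eight URLs listed in the question
    "a": "https://foo.wahh-app.com/login/myaccount.php",
    "b": "https://bar.wahh-app.com/login",
    "c": "https://staging.foo.wahh-app.com/login/home.php",
    "d": "http://foo.wahh-app.com/login/myaccount.php",
    "e": "http://foo.wahh-app.com/logintest/login.php",
    "f": "https://foo.wahh-app.com/logout",
    "g": "https://wahh-app.com/login/",
    "h": "https://xfoo.wahh-app.com/login/myaccount.php",
}

def evaluate(options: dict = OPTIONS, cookie: dict = COOKIE) -> dict:
    """Map each option letter to whether the cookie would be submitted."""
    return {k: cookie_sent_to(u, cookie) for k, u in options.items()}

if __name__ == "__main__":
    for k, sent in evaluate().items():
        print(f"({k}) {'sent' if sent else 'not sent'}: {OPTIONS[k]}")
```

Re-running `evaluate` with `{**COOKIE, "secure": True}` shows the effect of the missing Secure flag: the plain-http URL in (d) then no longer receives the session token.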



