Penetration Testing
mailing list archives
Session Hijacking Security
From: 11ack3r <11ack3r () gmail com>
Date: Wed, 16 Apr 2008 16:57:34 +0530
Hi Guys,
Thanks for your answers to my earlier post.
I saw & tested how easy it was to capture cookies over the network and
hijack sessions.
Now what's the countermeasure? Sites like yahoo.com, or any from the whole
lot, don't use HTTPS after authentication. Is there any other technique
apart from HTTPS that they can use to ensure session hijacking is
thwarted?
How about sending one-time cookies that are encrypted? Encryption will
ensure confidentiality and one-timeness would mitigate replay attacks.
Is anyone aware of any non-HTTPS implementation that is more secure,
if not completely secure?
Thanks a ton
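One way to realise the one-time cookie idea from the post, as an added example that is not from the original thread or its author: a server-side store that issues an opaque random token per request (no encryption needed, since the value carries no data) and revokes the session when a spent token reappears. The second function shows the limit the question glosses over: without HTTPS, an interceptor who presents the sniffed token before the legitimate client is simply accepted, so rotation shortens the damage window but does not replace TLS. The class and function names are hypothetical, and the store is an in-memory stand-in for a real session backend.

```python
import secrets

class RotatingSessionStore:
    """Server-side store whose cookie token is valid for exactly one request."""
    def __init__(self):
        self._live = {}      # token -> session id (valid for the next request only)
        self._retired = {}   # token -> session id (already spent; reuse means replay)
        self._sessions = {}  # session id -> user name
    def login(self, user):
        sid = secrets.token_hex(16)
        self._sessions[sid] = user
        return self._issue(sid)
    def _issue(self, sid):
        token = secrets.token_urlsafe(32)  # opaque random value, nothing to decrypt
        self._live[token] = sid
        return token
    def request(self, token):
        """Validate the cookie for one request: (user, next_token) or (None, None)."""
        sid = self._live.pop(token, None)
        if sid is not None:
            self._retired[token] = sid
            return self._sessions[sid], self._issue(sid)
        sid = self._retired.get(token)
        if sid is not None:
            # A spent token came back: a second party holds a copy, so revoke the session.
            self.revoke(sid)
        return None, None
    def revoke(self, sid):
        self._sessions.pop(sid, None)
        self._live = {t: s for t, s in self._live.items() if s != sid}
        self._retired = {t: s for t, s in self._retired.items() if s != sid}

def replay_after_owner():
    """Sniffed token replayed after the legitimate client used it: detected and revoked."""
    store = RotatingSessionStore()
    t1 = store.login("alice")              # constructed sample user
    user, t2 = store.request(t1)           # alice's own request succeeds and rotates the token
    replayed = store.request(t1)           # copy of t1 replayed: rejected, session revoked
    follow_up = store.request(t2)          # alice's next request fails too: she must log in again
    return user, replayed, follow_up

def replay_before_owner():
    """The limit of the scheme: whoever spends the sniffed token first is accepted."""
    store = RotatingSessionStore()
    t1 = store.login("bob")                # constructed sample user
    first_user, _ = store.request(t1)      # the interceptor sends t1 before bob does
    owner = store.request(t1)              # bob's own request is now the "replay"
    return first_user, owner
```

Tokens are stored in clear here; a production store would keep a hash of each token so that a leaked store does not hand out live sessions.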