Home page logo
/

pen-test logo Penetration Testing mailing list archives

A Brief Analysis of ASP.NET Session Identifiers
From: Tim <tim-pentest () sentinelchicken org>
Date: Sat, 20 Dec 2008 12:25:18 -0800

Hello,

Any of you ever looked closely at ASP.NET_SessionId cookies?  Ever
wondered why certain digits don't look so random?  Well I did, so I
spent some quality time with a debugger last weekend and figured out
just how those cookies are generated.

Nothing earth shattering was found, but there were some interesting
details that I though would be worth writing up:
  http://www.sentinelchicken.com/research/aspdotnet_sessionid/

If nothing else, hopefully it will save someone else the time I just
spent uncovering the algorithm.

cheers,
tim

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • A Brief Analysis of ASP.NET Session Identifiers Tim (Dec 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]