Home page logo
/

webappsec logo WebApp Sec mailing list archives

Re: How to create (hijacking) secure HTTP sessions?
From: Michael Decker <MDecker () tesis de>
Date: Wed, 07 Jun 2006 09:05:29 +0200

        Hi!

Beginning with ie5, ssl session id is renegotiated every two minutes
during the same session.

Thanks, that is a very important information...
So I've found this article:
http://support.zeus.com/zlb/faqs/2005/08/12/why_do_ssl_connections_to_ie_browsers_pe

In addition, I dont believe this field is readily available to most web
developers, at least on the ms platform.

Could be... I'm using tomcat/apache, so it would be possible.

Bye

-- 
Michael Decker                      Michael.Decker () tesis de
TESIS SYSware GmbH                      http://www.tesis.de
Baierbrunnerstr. 15 * 81379 Muenchen * Tel. +49 89 747377-0


-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. Change the way you 
think about application security testing - See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]