3 Attacking session management


This chapter covers

  • Understanding how session management works
  • Learning how hackers can steal session ID data
  • Determining whether an attack has occurred and how to prevent it
  • Protecting session (and other) cookies
  • Using HTTPS routinely and consistently

In late 2010, software developer Eric Butler released a Firefox extension called Firesheep. It worked like this: you would connect to a public Wi-Fi network, such as one at a train station or a coffee shop. When installed and active, the extension would continuously analyze the (unencrypted) traffic on the current wireless network. If someone else on the same network was logged into one of a select number of sites, a window popped up, prompting you to go to that site as that other person. And indeed, one click later, you could access a third-party site as the person sitting close to you. Those sites included

  • Amazon
  • Facebook
  • Google (including Google Mail)
  • Hacker News
  • LinkedIn
  • Quora
  • Reddit
  • Stack Overflow
  • Twitter
  • Windows Live (including Windows Live Mail, previously known as Hotmail)
  • Yahoo! (including Yahoo! Mail)
  • And about 20 more

3.1 Anatomy of a session management attack

3.1.1 Stealing session cookies

3.1.2 Cookies and session management

3.2 ASP.NET Core cookie and session settings

3.3 Enforcing HTTPS

3.4 Detecting session hijacking
