Exposed Session Variables

Check List

Methodology

Black Box

Exposed Session Tokens via Misconfigured

1. Log into a user account on target.com
2. Navigate to Settings, Edit Profile and change your username
3. Intercept the request using a proxy tool like Burp Suite
4. Send the request to Intruder, and set the Token header as the payload position
5. Use a list of random session token values, ending with the valid one
6. Launch the attack and analyze the responses
7. Invalid Tokens: Response code 401 with a body length of 431
8. Valid Token: Response code 200 with a body length of 487
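Seen from the server side, the procedure above produces a burst of identical 401 responses from one client against one endpoint, followed by a single 200 once the valid token is reached. The example below is added here and is not part of the original checklist: it scans constructed access-log lines (a simplified format assumed for the example, not a real server's) for that pattern so a defender can alert on token guessing before it succeeds.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real traffic). Assumed format:
# client_ip status body_bytes method path
SAMPLE_LOG = """\
10.0.0.7 401 431 POST /settings/profile
10.0.0.7 401 431 POST /settings/profile
10.0.0.7 401 431 POST /settings/profile
10.0.0.7 401 431 POST /settings/profile
10.0.0.7 200 487 POST /settings/profile
192.0.2.9 200 487 POST /settings/profile
192.0.2.9 401 431 POST /settings/profile
"""

LINE_RE = re.compile(r"^(\S+) (\d{3}) (\d+) (\S+) (\S+)$")


def parse(log_text):
    """Yield (ip, status, size, method, path) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ip, status, size, method, path = m.groups()
            yield ip, int(status), int(size), method, path


def find_token_guessing(log_text, min_failures=3):
    """Flag (ip, path) pairs with >= min_failures 401s in a row.

    A 200 after such a burst means a valid token was reached; a burst with
    no 200 yet is reported as still in progress. Identical 401 body sizes
    (431 in the checklist) show the server returning the same rejection
    page each time, which is what makes the valid response stand out."""
    failures = defaultdict(int)  # (ip, path) -> consecutive 401 count
    findings = []
    for ip, status, size, method, path in parse(log_text):
        key = (ip, path)
        if status == 401:
            failures[key] += 1
        elif status == 200:
            if failures[key] >= min_failures:
                findings.append({"ip": ip, "path": path,
                                 "failed_attempts": failures[key],
                                 "outcome": "valid token found"})
            failures.pop(key, None)  # success resets the counter
    for (ip, path), n in failures.items():
        if n >= min_failures:
            findings.append({"ip": ip, "path": path,
                             "failed_attempts": n, "outcome": "still guessing"})
    return findings
```

In production the same logic would key on a time window as well, so that a slow guess spread over hours is not hidden by legitimate traffic in between.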


White Box

Cheat Sheet
