Attacks Against Weak Token Generation
- First, log in to your account several times a day and copy the cookie parameters into a text file. For each login, also note down the time, any changes in the URL, and the hidden values.
- The next step is finding out which tokens are actually used for session handling and which ones are only there as decoys. Log in once again, copy the original cookie values, and try altering the value of each token. If you are unable to log on, or you get logged in as another user, after altering a token, then that token is the one that is useful to you. Try the same on all tokens.
- The last step is identifying what the weakness in the tokens is. Sorry, that can't be done using a tool; it requires some brain-work from you.
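
To support the comparison work in the steps above when reviewing tokens issued by your own application, the following added example (not part of the original page) checks recorded tokens for positions that never change and for an embedded login time, and sets a weak generator beside a hardened one. The weak scheme (base64 of `user:unix-time`), the sample login times and all function names are assumptions constructed for illustration; the checks only flag obvious structure and do not replace the manual analysis.

```python
import base64
import secrets

def weak_token(username, login_time):
    # Constructed weak scheme (assumption): base64("user:unix-time").
    return base64.b64encode(f"{username}:{login_time}".encode()).decode()

def strong_token():
    # Hardened form: 256 bits from the OS CSPRNG, no user or time data.
    return secrets.token_urlsafe(32)

def static_fraction(tokens):
    # Share of character positions that never change across logins.
    n = min(len(t) for t in tokens)
    same = sum(1 for i in range(n) if len({t[i] for t in tokens}) == 1)
    return same / n

def decoded_text(token):
    # Return the base64-decoded token if it is printable ASCII, else None.
    try:
        raw = base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
        text = raw.decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None

def audit(samples):
    # samples: (login_time, token) pairs recorded from your own test account.
    tokens = [tok for _, tok in samples]
    texts = [decoded_text(tok) for tok in tokens]
    return {
        "static_fraction": round(static_fraction(tokens), 2),
        "readable": any(t is not None for t in texts),
        "embeds_login_time": any(
            t is not None and str(ts) in t for (ts, _), t in zip(samples, texts)
        ),
    }

# Constructed login times, standing in for the notes taken at each login.
LOGIN_TIMES = [1700000000, 1700003600, 1700007200, 1700090000]

if __name__ == "__main__":
    weak = [(ts, weak_token("alice", ts)) for ts in LOGIN_TIMES]
    strong = [(ts, strong_token()) for ts in LOGIN_TIMES]
    print("weak:  ", audit(weak))
    print("strong:", audit(strong))
```

A high static fraction or a readable, time-bearing token is the signal to replace the generator with the CSPRNG form.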