Hi guys, I was quite busy the last few days, due to which I was unable to pay attention to my blog for nearly 4-5 days. The day before yesterday, when I checked my e-mails, I was shocked to see 96 mails from the contact me form. As days pass, the number of emails is increasing, and most of them contain the same silly questions whose answers were already posted on the blog. Please note that I am neither a kid nor a newbie in hacking. I am a Computer and Network Security Professional and I really try my best to keep things as simple as possible, but when I see questions from people I see a lack of basics and sometimes incredible stupidity.
Attacks Against Mishandling Of Tokens
In the last post of the session hacking series we saw how to attack weak token generation methods. In this post we will see how session tokens are mishandled and how they are attacked because of that mishandling. An important point to note is that no matter how much secure coding you implement while creating session tokens, if they are mishandled there is no way you can protect the session from getting hacked. The next thing to keep in mind is that implementing SSL doesn't guarantee 100% security against session hacking. SSL helps protect tokens if implemented properly, but honestly speaking there are many websites which do not really implement SSL properly, thus leaving even SSL open to attack.