HACKLOG 2x17 - Session Attacks (CSRF Session Hacking Guide) (Subtitled)
- Published 10 Sep 2024
- ⚠️ The subtitles have been translated automatically. We apologize for any errors. If you want, you can help us translate them! Visit Hacklog.net for more information. Thank you!
-----------------------------------------
ℹ️ Websites (and web apps in general) use sessions to remember the user and avoid asking for credentials every time: since an HTTP connection can use several TCP connections, the web server usually sends a session token, represented by a value contained in a variable and sent through the URL, in HTTP headers with cookies, through hidden inputs and more. Sessions and cookies are therefore fundamental to the design of a web app, but they can carry important security risks.
Session attacks (Session Hijacking) consist in taking possession of a user's identity, bypassing the authentication mechanisms: we will therefore demonstrate how it is possible to appropriate a session and perform (or have performed) actions in the name of another user, pass the checks and determine the generation of sessions.
-----------------------------------------
🔖 Hacklog contents are licensed under a Creative Commons license and distributed by Inforge.net.
📘 The course can be accompanied by the book, in paper or digital format - also downloadable for free - from the site www.hacklog.net
❤️ To support the project, purchase a hard copy from Amazon: amzn.to/2PQm7g6
🎵 Glitchexe: open.spotify.c...
Explained wonderfully well. Very, very good!
Thank you!
Isn't there a way to delete cookies?
Cookies are used to process the session more quickly; otherwise the user would have to re-enter their login data every time. Yes, they can be deleted, but at that point it would make no sense to use them.