Exercise: Authentication and Session Management
Implement a Session Fixation Attack on your guestbook
- Before starting this exercise, verify that your server also accepts session IDs in the URL, i.e. that your php.ini file contains the following setting: session.use_only_cookies = 0. This is the default value and is what makes this attack possible.
- Write a program that connects to the page of your guestbook and stores the session ID (you can also do this directly with telnet and note the session ID by hand).
- Write another program that keeps your session alive (it regularly sends requests containing the session ID to the server). Your program should raise an alert when the user has logged in (to detect this, look for a sentence that does not normally appear in the guestbook page).
- Send a link to a browser containing the URL of the guestbook and a session ID (?PHPSESSID=1234). The user will log
- Remove the session ID inside your own browser. Start the guestbook with the same URL (containing the same session ID): Ta da! You are logged in as your victim.
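Once the attack works, the natural follow-up is to make it fail. The following is an added example, not part of the exercise or the guestbook: a login handler that refuses session IDs the server did not itself issue (closing the ?PHPSESSID=... vector) and replaces the pre-login ID with a fresh one at authentication, so an ID fixed by the attacker is never attached to the logged-in user. check_credentials() is a hypothetical name for the guestbook's own password check; the cookie options need PHP 7.3 or later.

```php
<?php
// Added example: hardened session handling for a guestbook login page.
// check_credentials() is assumed to exist and validate the submitted
// username/password against the guestbook's user store.

// 1. Refuse session IDs arriving in the URL and IDs the server never issued.
//    These must be set before session_start(); setting them in php.ini
//    (use_only_cookies = 1, use_strict_mode = 1) is the preferred form.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');

// Cookie hardening: not readable by scripts, HTTPS only, not sent cross-site.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

function login(string $user, string $password): bool
{
    if (!check_credentials($user, $password)) {
        return false;
    }
    // 2. The decisive fix against fixation: issue a new ID at the moment the
    //    privilege level changes and delete the old session data, so whoever
    //    knew the old ID (the attacker's keep-alive script) holds a dead ID.
    session_regenerate_id(true);
    $_SESSION['user']      = $user;
    $_SESSION['auth_time'] = time();
    return true;
}

function logout(): void
{
    // Destroy server-side state and expire the cookie in the browser.
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'],
              $p['secure'], $p['httponly']);
    session_destroy();
}
```

With use_strict_mode on, a request carrying the attacker's ?PHPSESSID=1234 is given a freshly generated ID instead, so step 4 of the exercise no longer shares a session between attacker and victim.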
Contact
Prof. Dr. Emmanuel Benoist
Berner Fachhochschule - TI
Quellgasse 21
CH-2501 Biel/Bienne
Switzerland
Mail: emmanuel.benoist (at) bfh.ch