From the course: Ethical Hacking: Session Hijacking
Real-world hijacks - Linux Tutorial
Real-world hijacks
- [Presenter] A popular example of session hijacking was the 2008 Yahoo Mail session hijacking attack, which was popular enough that a special hacking tool called YM_hijack was written so that testers could run the hijack as soon as they gained access as a man in the middle. More recently, in 2017, Danielle Sparkman ran a penetration test of the GitLab service. He noted that his session token was carried in the URL and he was simply able to paste the session token into a packet and hijack the session. This was particularly concerning as GitLab issues permanent session tokens that never expire. Once they're found, they provide ongoing access to the perpetual session. In 2019, the Slack online service was found to be vulnerable to a session hijacking attack, found, fortunately, by a security researcher on a bug bounty hunt. The vulnerability was an HTTP request smuggling vulnerability. This form of attack tampers with the…