Insecure by Design, Epic Games Peer-to-Peer Multiplayer Service: A story about how a few fatal design flaws led to multiplayer session hijacking. billdemirkapi.me/insecure…
👍 151
📰 r/netsec
👤 u/D4stiny_
📅 Dec 17 2020
Are hardware authenticators (Yubikey/Solokey) susceptible to attacks like Session Hijacking (cookie sniffing)?

I've tried to find articles about FIDO susceptibility to this but it's kind of sparse.

👍 8
📰 r/privacytoolsIO
👤 u/TheRavenSayeth
📅 Nov 22 2020
After taking over the media, universities, arts and other sectors, the Far Left is hijacking the judiciary. Judges will be forced to undergo brainwashing sessions on systemic racism. And who supports this bill? All the leftist parties in the HoC, including the Conservatives. twitter.com/MaximeBernier…
👍 29
👤 u/VVindowmaker
📅 Oct 28 2020
Is Your Session Hijacked? How to Prevent Session Hijacking? - CTemplar ctemplar.com/is-your-sess…
👍 4
📰 r/ctemplar
👤 u/CTemplar-Official
📅 Sep 25 2020
How would HTTPS prevent session hijacking?

Title.

Thank you!

👍 2
📰 r/Network
👤 u/saib0tn00b
📅 Aug 05 2020
What is session hijacking?
👍 4
👤 u/icssindia
📅 Jun 17 2020
Session hijacking tools

Hi, I recently learnt about how session hijacking can be used as a way to bypass 2FA login. So I got very curious as to how to safeguard against this type of hijacking for my apps.

In order to learn how to safeguard against session theft, I first want to know all the ways in which people can steal sessions. Everything I see online is done using some proxy server (MITMProxy or Ettercap). However, I understand that using https will make these methods useless.

So now my question is, what other tools/techniques do people use for this attack?

Also, do session hijacks happen in real life? Or is it just a theoretical argument?

Thanks

👍 3
📰 r/hacking
👤 u/ilovefunctions
📅 Apr 10 2020
Cookie Manipulation and Session Hijacking - Be The H.A.C.R. - Ep - 08 youtu.be/fbZpsHMgNdk
👍 3
📰 r/cybersecurity
👤 u/LuD1161
📅 Jun 13 2020
'Session Hijacking' not working

On a member-exclusive website I'm part of, I'm trying to log in in one browser using the session ID of another browser, but for some reason it's not working. There seem to be 2 identifying cookies. One is the PHPSESSID, but if I change it nothing happens: no logout, no nothing. There is another, exp_sessionid, which does seem to control things, because when I remove something from the string it logs me out after refresh and when I undo the change I'm logged in again.

But the weird thing is that if I put that exp_sessionid in my other browser (firefox -> chromium and vice versa) then it will not let me log in. I even tried making all the cookies exactly the same but it still is not working. I even tried to recreate the GET request to login but with no results (not entirely sure if I do that correctly though). So what could be the problem here, browser?

An odd thing which perhaps has something to do with it is that, when logged in you're not able to navigate to a page by entering it in the url bar but you have to click on page links otherwise it will redirect you towards the home page.

Whenever I try to recreate an HTTP request I get the response 302 Moved Temporarily, and then I will be moved back to the login page.

👍 2
📰 r/HowToHack
👤 u/dothrage
📅 Jan 26 2020
Session Hijacking and Other Session Attacks

If a malicious hacker gets their hands on a session ID, they can get unauthorized access to a web application and fully impersonate a valid user. Learn more about methods that attackers use to obtain a valid session ID.

👍 6
📰 r/security
👤 u/AcunetixLtd
📅 Feb 11 2020
RDP hijacking — how to hijack RDS and RemoteApp sessions transparently to move through an organisation medium.com/@networksecuri…
👍 387
📰 r/netsec
👤 u/TechLord2
📅 Mar 17 2018
Hi everyone! Wanted to know how common of a problem session hijacking is nowadays?

It’s mostly mitigated by using https. But it’s still possible for that to happen if someone is using an app behind a “trusted” proxy, for example in a large organisation where they want to monitor all the traffic in their network.

Thanks!

👍 2
📰 r/security
👤 u/ilovefunctions
📅 Mar 24 2019
If using XSS vulnerability for hijacking session cookies, how would you convince the user to enter the script in the search parameter?

I have seen a proof of concept for XSS where an attacker uses a script that can send session cookies to the attacker's server (if cookie isn't marked with httpOnly attribute). So in a real world scenario, how would the attacker get the user to enter the script in the search field?

👍 7
📰 r/AskNetsec
👤 u/Nucky76
📅 Feb 28 2019
Hijacking Cookies or Sessions youtu.be/HuA7rLdb3a8
👍 3
📰 r/netsecstudents
👤 u/Lavasquabble
📅 Aug 08 2019
An old email from Tsutomu Shimomura on January 25 1995 describing Kevin Mitnick's TCP session hijacking attack. gulker.com/ra/hack/tsatta…
👍 428
📰 r/netsec
👤 u/soup_nazi1
📅 Jan 08 2016
Is hijacking sessions for troubleshooting purposes unethical? If so, how do companies prevent employees from doing it?

Example: Customer has problem. Near impossible to reproduce. In desperation, find their session id in the database, log into the app, edit session id, and now you are them. Is this bad? Do I bring attention to this? Are most site devs able to do the same? Can it be prevented? It felt dirty but I was able to do my job way more easily.

👍 3
📰 r/learnprogramming
👤 u/dunderball
📅 Jul 19 2019
Common Web Application Threats? 1. SQL Injection 2. Cross Site Scripting (XSS) 3. Denial of Service Attacks 4. Cross-Site Request Forgery (CSRF) 5. Session hijacking 6. Parameter Tampering 7. Code Injection. How to protect from these kind of threats?
👍 2
📰 r/AskReddit
👤 u/lokendra15
📅 Mar 09 2019
Is the iOS Instagram app still vulnerable to session hijacking?

I’ve just come across an article saying about the vulnerabilities of session hijacking and they mentioned that the iOS Instagram app was vulnerable. The article date was 2014 and anything I’ve searched on the subject is around that time period too.

Does the session vulnerability still exist in the iOS app or has it been fixed? If not, then I’ve been using a vulnerable version of Instagram for years and that worries me quite a lot.

👍 3
📰 r/hacking
👤 u/muscletown79
📅 Dec 19 2018
XSS, CSRF And Session Hijacking agiratech.com/xss-csrf-an…
👍 3
📰 r/webdevelopment
👤 u/AgiraTechnologies
📅 Apr 30 2019
UK ISPs "hijacking" browsing sessions to force porn filter block choice neowin.net/news/uk-isps-h…
👍 139
📰 r/unitedkingdom
👤 u/ben_uk
📅 Dec 22 2014
Firesheep: Easy HTTP session hijacking from within Firefox codebutler.com/firesheep
👍 308
📰 r/netsec
👤 u/webspiderus
📅 Oct 25 2010
Inject cookie for session hijacking

I have the cookie information through Wireshark. Can someone guide me through how to inject the cookie for session hijacking?

👍 3
📰 r/HowToHack
👤 u/kushal10
📅 Dec 29 2017
Crack in Internet's foundation of trust allows HTTPS session hijacking arstechnica.com/security/…
👍 315
📰 r/programming
👤 u/swizec
📅 Sep 13 2012
How can I create a Honeypot to see if someone is hijacking an online shopping session?

So far, I've only toyed with some of the tools in Kali, so I have a very basic understanding of hacking.

I suspect that a person sharing our wifi may be somehow hijacking sessions on eBay and I want to catch him.

For background, a roommate moved in and shortly thereafter, me and another roommate have had mysterious online orders. For me, someone ordered something on eBay and had it shipped to my other address. This happened just after I had checked my eBay account on that network.

I didn't use eBay on that network for a few weeks, but the next time I did, someone tried to buy an expensive camera on the account, but I unlinked my CC, so they just left it in the shopping cart.

I called eBay, but they won't give me the IP of the purchase, so I don't know if the killer is in the house. It's just odd that they would hijack two sessions in a row on the same network.

Anyway, can I create a honeypot to catch them? Is there a way they can be hijacking my session and can I catch them?

TIA

👍 8
📰 r/HowToHack
👤 u/SchwarzerKaffee
📅 Oct 16 2017
Steam needs to destroy every session. Potential session hijacking.

We all know that Steam had issues with their servers. The good thing is that after 1 hour they finally took their servers down.

However (based on that comment) we could say we are "safe" (since HTTP headers are not cached (including cookies)), but if we investigate further, we can see that cached HTML exposes the sessionID and the accountID (http://i.imgur.com/ZCmQTpG.png, http://i.imgur.com/X6lI5Vp.png)

This is a big issue, since potential malicious users could easily have set up a scraper that could log cached sessions and later on, when Steam servers are finally "fixed", could easily hijack those sessions.

Steam should destroy every session. This can cause a lot of problems!!

👍 60
📰 r/Steam
👤 u/Nominance
📅 Dec 26 2015
I have ZERO knowledge of hacking and writing code. I understand there are different spectrums of hacking, and I would like to get into one specifically (Session Hijacking/Sidejacking). Where do I start?

So I recently discovered 'Session Hijacking/Sidejacking' and would like to further my knowledge about how to do this specifically. However I have zero knowledge about hacking and or coding, I'm a complete newb when it comes to programming in general. Is there a really dumbed down tutorial on what to do in regards to increasing my knowledge on the topic? Also anything for hacking wifis? Where would I start??

In the past, 4-5 years back I tried teaching myself on Session Hijacking/Sidejacking and stumbled upon 'Hamster and Ferret' but could not get it to work. Idk if it's because I was using Windows? And that I needed to use Linux? But is there something presently similar to that? Also is a laptop that runs Linux a MUST? I recall back when I tried teaching myself all the programs people used only ran on Linux :(

👍 40
📰 r/HowToHack
👤 u/SirLafayette
📅 Jan 03 2016
DroidSheep - Android Application for Session Hijacking blog.insecure.in/?p=962
👍 100
📰 r/netsec
👤 u/mubix
📅 Sep 21 2011
[QRL Jacking] A New Social Engineering Attack On Whatsapp Web Session Hijacking | How To Be Safe ? myteachworld.com/2018/03/…
👍 2
📰 r/hacking
👤 u/myteachworld
📅 Mar 24 2018
'Session Hijacking' not working

On a member-exclusive website I'm part of, I'm trying to log in in one browser using the session ID of another browser, but for some reason it's not working. There seem to be 2 identifying cookies. One is the PHPSESSID, but if I change it nothing happens: no logout, no nothing. There is another, exp_sessionid, which does seem to control things, because when I remove something from the string it logs me out after refresh and when I undo the change I'm logged in again.

But the weird thing is that if I put that exp_sessionid in my other browser (firefox -> chromium and vice versa) then it will not let me log in. I even tried making all the cookies exactly the same but it still is not working. I even tried to recreate the GET request to login but with no results (not entirely sure if I do that correctly though). So what could be the problem here, browser?

An odd thing which perhaps has something to do with it is that, when logged in you're not able to navigate to a page by entering it in the url bar but you have to click on page links otherwise it will redirect you towards the home page.

Edit: Whenever I try to recreate an HTTP request I get the response 302 Moved Temporarily

👍 5
📰 r/hacking
👤 u/dothrage
📅 Jan 26 2020
