- Sep 17, 2013
- 1,492
This one is very simple to do.
Anyone using http session can be easily hijacked
You can do anything on that website , which is allowed to be done without asking for username and password. All this just by using the sniffed cookies.
Anyone can sniff on data traveling through hub, switches, router that you are using to connect to internet. They can easily hijack your http sessions.
Anyone using http session can be easily hijacked
- Just sniff the http session of a website using wireshark
- Note the captured Cookie
- open a web browser
- Add the name and value of captured cookie. save it.
- open the website . Now you are logged into someone else account.
You can do anything on that website , which is allowed to be done without asking for username and password. All this just by using the sniffed cookies.
Anyone can sniff on data traveling through hub, switches, router that you are using to connect to internet. They can easily hijack your http sessions.
Last edited: