I was just watching some of the educational videos from imperva on youtube, and one of them was session hijacking. Basically you can obtain a coockie, in some way such as cross-site scripting, and then use the coockie to access a web page where you will be logged in as the user who that coockie belongs to, though I am wondering, would this be the case if its htts traffic? Not even sure if that exists in https? Like can you even sniff packets?
Slavi
94
Master Poster
Featured Poster
LaxLoafer
71
Posting Whiz in Training
HTTPS helps to prevent cookie theft by MITM attacks. However if a site has an XSS vulnerability the cookies can still be stolen. And if that site relied solely on a session cookie for authentication then an attacker could gain access to your account without needing to login.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.