I was just watching some of the educational videos from Imperva on YouTube, and one of them was on session hijacking. Basically, you can obtain a cookie in some way, such as cross-site scripting, and then use the cookie to access a web page where you will be logged in as the user that cookie belongs to. I am wondering, though: would this be the case if it's HTTPS traffic? I'm not even sure if that exists in HTTPS. Like, can you even sniff packets?


HTTPS helps to prevent cookie theft by MITM attacks. However, if a site has an XSS vulnerability, the cookies can still be stolen. And if that site relied solely on a session cookie for authentication, then an attacker could gain access to your account without needing to log in.

Edited by LaxLoafer: Typo.
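
The two theft routes in the answer above correspond to two cookie attributes: `Secure` keeps the cookie off plain HTTP, where it could be sniffed, and `HttpOnly` hides it from page script, which is what an XSS payload reads through `document.cookie`. The audit below is an added example, not part of the original posts; the function names and the sample headers are constructed for illustration.

```python
# Added example: check Set-Cookie headers against the two theft routes
# discussed in the thread (network sniffing and script access via XSS).
# The header values are constructed sample input, not from any real site.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header):
    """Return (cookie name, list of exposure findings) for one header."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie over plain HTTP,
        # where an on-path observer can read it.
        findings.append("sent over plain HTTP (no Secure)")
    if "httponly" not in attrs:
        # Without HttpOnly, script injected into the page can read the cookie.
        findings.append("readable by page script (no HttpOnly)")
    return name, findings


SAMPLE_HEADERS = [  # constructed
    "sessionid=abc123; Path=/",
    "sessionid=abc123; Path=/; Secure",
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
]


def audit_all(headers):
    """Audit every header and return the results in order."""
    return [audit_cookie(h) for h in headers]


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_HEADERS):
        print(name, "->", findings or ["no exposure found by these checks"])
```

`HttpOnly` only stops the cookie from being read by script; it does not remove the XSS vulnerability itself.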
