I was just watching some of the educational videos from imperva on youtube, and one of them was session hijacking. Basically you can obtain a coockie, in some way such as cross-site scripting, and then use the coockie to access a web page where you will be logged in as the user who that coockie belongs to, though I am wondering, would this be the case if its htts traffic? Not even sure if that exists in https? Like can you even sniff packets?

Re: Session hijacking 80 80

HTTPS helps to prevent cookie theft by MITM attacks. However if a site has an XSS vulnerability the cookies can still be stolen. And if that site relied solely on a session cookie for authentication then an attacker could gain access to your account without needing to login.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.19 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.