  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 375

Coldfusion - Session Hijacking

Hello experts.
I found on this page: http://coldfusion.sys-con.com/node/46358 something about Man-in-the-Middle Attack (Session Hijacking).
Can I please have a code example from an expert to understand how it works?
Panos
1 Solution
 
_agx_ Commented:

Always check the article date. Recommendations and threats change rapidly. Most of what that article says still applies, but ... it's from 2004. So keep that in mind. Check the comments here for important info about basic session hijacking with CF session variables:
http://www.bennadel.com/blog/1537-The-Same-CFID-CFTOKEN-Values-Are-Used-Across-ColdFusion-Session-Timeouts.htm

MITM attacks aren't simple. They're not specific to CF and don't happen in CF code. They can apply to any web connection/application.  It usually involves an intruder with a packet sniffer. They use the program to monitor traffic between two computers (say a user and a server).  They then impersonate the other party by modifying the data.  There's a good diagram here:

http://www.owasp.org/index.php/Man-in-the-middle_attack
http://en.wikipedia.org/wiki/Man-in-the-middle_attack
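
An added example, not part of the original answer: a small audit of `Set-Cookie` headers that reports session identifiers a packet sniffer on the path could read or that stay valid for a long time. The cookie names (CFID, CFTOKEN, JSESSIONID), the issue labels and the sample header values are assumptions constructed for illustration.

```python
"""Audit Set-Cookie values for session identifiers exposed to an eavesdropper."""

# Assumed names: CFID/CFTOKEN (classic ColdFusion sessions), JSESSIONID (J2EE sessions).
SESSION_COOKIES = {"CFID", "CFTOKEN", "JSESSIONID"}


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, attrs); attribute names are lowercased."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit(set_cookie_values):
    """Return (cookie_name, issue) pairs for session cookies only."""
    findings = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if name.upper() not in SESSION_COOKIES:
            continue  # not a session identifier, ignore
        if "secure" not in attrs:
            # Browser will also send it over plain HTTP, where it can be sniffed.
            findings.append((name, "no-secure"))
        if "httponly" not in attrs:
            # Readable from page script, so it can leak outside the HTTP exchange.
            findings.append((name, "no-httponly"))
        if "expires" in attrs or "max-age" in attrs:
            # Persistent identifier: a captured value stays useful longer.
            findings.append((name, "persistent"))
    return findings


# Constructed sample headers (not captured from any real site).
SAMPLE_WEAK = [
    "CFID=1201; Expires=Thu, 01-Jan-2040 00:00:00 GMT; Path=/",
    "CFTOKEN=83516492; Expires=Thu, 01-Jan-2040 00:00:00 GMT; Path=/",
    "theme=dark; Path=/",
]
SAMPLE_HARDENED = [
    "CFID=1201; Path=/; Secure; HttpOnly",
    "CFTOKEN=83516492; Path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    for cookie, issue in audit(SAMPLE_WEAK):
        print(f"{cookie}: {issue}")
```

The flags only help when the whole site is served over HTTPS; a session cookie marked `Secure` is never sent on a cleartext connection.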

 
Panos (Author) Commented:
Thank you for your help agx.
Could you write test code for my other question: http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/Cold_Fusion_Markup_Language/Q_26636239.html

How to control the number of times someone has been to the site in one second ... from this site: http://www.anujgakhar.com/2010/01/26/what-is-the-best-way-to-deal-with-spidersbotscrawlers/ #7