Solved

Coldfusion - Session Hijacking

Posted on 2010-11-26
366 Views
Last Modified: 2012-05-10
Hello experts.
I found on this page: http://coldfusion.sys-con.com/node/46358 something about Man-in-the-Middle Attack (Session Hijacking).
Can I please have a code example from an expert to understand how it works?
Question by: Panos
2 Comments
LVL 52

Accepted Solution

by: _agx_ (earned 500 total points)
ID: 34220080

Always check the article date.  Recommendations and threats change rapidly.  Most of what that article says still applies, but ... it's from 2004.  So keep that in mind.  Check the comments here for important info about basic session hijacking with cf session variables
http://www.bennadel.com/blog/1537-The-Same-CFID-CFTOKEN-Values-Are-Used-Across-ColdFusion-Session-Timeouts.htm

MITM attacks aren't simple. They're not specific to CF and don't happen in CF code. They can apply to any web connection/application.  It usually involves an intruder with a packet sniffer. They use the program to monitor traffic between two computers (say a user and a server).  They then impersonate the other party by modifying the data.  There's a good diagram here:

http://www.owasp.org/index.php/Man-in-the-middle_attack
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

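As an added example, not code from this thread or from _agx_, the following Python script shows the server-side view of the hijack described above: it scans a few constructed access-log lines for ColdFusion CFID/CFTOKEN pairs that were sent over plain HTTP (where a sniffer on the path could read them) or that were presented by more than one client address/user agent during their lifetime. The log field layout, the sample lines and the CFID/CFTOKEN-in-the-query-string convention are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not from the original page). Fields:
# scheme, client IP, quoted user agent, request path carrying CFID/CFTOKEN.
SAMPLE_LOG = """\
https 203.0.113.10 "Mozilla/5.0 (Windows NT 6.1)" /account.cfm?CFID=1234&CFTOKEN=98765432
https 203.0.113.10 "Mozilla/5.0 (Windows NT 6.1)" /orders.cfm?CFID=1234&CFTOKEN=98765432
http 203.0.113.10 "Mozilla/5.0 (Windows NT 6.1)" /index.cfm?CFID=1234&CFTOKEN=98765432
https 198.51.100.7 "curl/7.21.0" /account.cfm?CFID=1234&CFTOKEN=98765432
https 203.0.113.44 "Mozilla/5.0 (X11; Linux)" /index.cfm?CFID=5678&CFTOKEN=11223344
"""

LINE_RE = re.compile(r'^(?P<scheme>\w+) (?P<ip>\S+) "(?P<ua>[^"]*)" (?P<url>\S+)$')

def parse_line(line):
    """Return scheme, client fingerprint and CF session pair, or None when the
    line is malformed or carries no CFID/CFTOKEN."""
    m = LINE_RE.match(line)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group("url")).query)
    if "CFID" not in query or "CFTOKEN" not in query:
        return None
    return {"scheme": m.group("scheme").lower(),
            "client": (m.group("ip"), m.group("ua")),
            "session": (query["CFID"][0], query["CFTOKEN"][0])}

def analyze(log_text):
    """Flag session pairs sent in cleartext and pairs used by several clients."""
    clients_by_session = defaultdict(set)
    plaintext_sessions = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        clients_by_session[rec["session"]].add(rec["client"])
        if rec["scheme"] != "https":
            plaintext_sessions.add(rec["session"])
    shared_sessions = {sess: sorted(clients)
                       for sess, clients in clients_by_session.items()
                       if len(clients) > 1}
    return {"shared_sessions": shared_sessions,
            "plaintext_sessions": plaintext_sessions}

if __name__ == "__main__":
    for finding, detail in analyze(SAMPLE_LOG).items():
        print(finding, detail)
```

Source address and user agent can legitimately change mid-session (proxies, mobile carriers), so treat a shared-session hit as a reason to re-authenticate or expire that session rather than as proof of compromise.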
LVL 2

Author Closing Comment

by: Panos
ID: 34224073
Thank you for your help agx.
Could you write test code for my other question: http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/Cold_Fusion_Markup_Language/Q_26636239.html

how to control the number of times someone has been to the site in one second... from this site: http://www.anujgakhar.com/2010/01/26/what-is-the-best-way-to-deal-with-spidersbotscrawlers/ (#7)