Coldfusion - Session Hijacking

Hello experts.
I found on this page :http://coldfusion.sys-con.com/node/46358 something about Man-in-the-Middle Attack (Session Hijacking).
Can i have please a code example from an expert to understand  how it works?
LVL 2
PanosAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
_agx_Connect With a Mentor Commented:

Always check the article date.  Recommendations and threats change rapidly.  Most of what that article says still applies, but ... it's from 2004.  So keep that in mind.  Check the comments here for important info about basic session hijacking with cf session variables
http://www.bennadel.com/blog/1537-The-Same-CFID-CFTOKEN-Values-Are-Used-Across-ColdFusion-Session-Timeouts.htm

MITM attacks aren't simple. They're not specific to CF and don't happen in CF code. They can apply to any web connection/application.  It usually involves an intruder with a packet sniffer. They use the program to monitor traffic between two computers (say a user and a server).  They then impersonate the other party by modifying the data.  There's a good diagram here:

http://www.owasp.org/index.php/Man-in-the-middle_attack
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

0
 
PanosAuthor Commented:
Thank you for your help agx.
Could you write a  test code for my other question:http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/Cold_Fusion_Markup_Language/Q_26636239.html

how to control the number of times someone has been to the site in one second.......from this site:http://www.anujgakhar.com/2010/01/26/what-is-the-best-way-to-deal-with-spidersbotscrawlers/   #7
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.