Solved

Coldfusion - Session Hijacking

Posted on 2010-11-26
Last Modified: 2012-05-10
Hello experts.
I found on this page: http://coldfusion.sys-con.com/node/46358 something about Man-in-the-Middle Attack (Session Hijacking).
Can I please have a code example from an expert to understand how it works?
Question by:Panos

Accepted Solution

by: _agx_ (earned 500 total points)
ID: 34220080

Always check the article date. Recommendations and threats change rapidly. Most of what that article says still applies, but ... it's from 2004. So keep that in mind. Check the comments here for important info about basic session hijacking with CF session variables:
http://www.bennadel.com/blog/1537-The-Same-CFID-CFTOKEN-Values-Are-Used-Across-ColdFusion-Session-Timeouts.htm

MITM attacks aren't simple. They're not specific to CF and don't happen in CF code. They can apply to any web connection/application. It usually involves an intruder with a packet sniffer. They use the program to monitor traffic between two computers (say a user and a server). They then impersonate the other party by modifying the data. There's a good diagram here:

http://www.owasp.org/index.php/Man-in-the-middle_attack
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

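The sniffing risk described in the answer is only as serious as what the session identifier reveals in transit. The following is an added example, not code from the answer or from ColdFusion itself: a small Python audit that checks whether the CFID/CFTOKEN cookies in a server response carry the Secure and HttpOnly attributes, and whether the pair actually changes between two responses (the reuse issue the linked Ben Nadel post discusses). All response headers below are constructed for the example.

```python
from typing import Dict, List, Tuple

# ColdFusion identifies a client session with the CFID/CFTOKEN cookie pair.
# Both responses below are constructed for this example, not captured traffic.
RESPONSE_BEFORE_LOGOUT = [
    "Set-Cookie: CFID=1234567; Path=/",
    "Set-Cookie: CFTOKEN=89ABCDEF; Path=/",
]
RESPONSE_AFTER_NEW_SESSION = [
    "Set-Cookie: CFID=1234567; Path=/; Secure; HttpOnly",
    "Set-Cookie: CFTOKEN=89ABCDEF; Path=/; Secure; HttpOnly",
]
SESSION_COOKIES = ("CFID", "CFTOKEN")

def parse_set_cookie(header: str) -> Tuple[str, str, set]:
    """Return (name, value, lower-cased attribute names) for one Set-Cookie line."""
    body = header.split(":", 1)[1].strip()
    parts = [p.strip() for p in body.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, value, attrs

def session_cookies(headers: List[str]) -> Dict[str, Tuple[str, set]]:
    """Map each CF session cookie name in the response to (value, attributes)."""
    found = {}
    for h in headers:
        if h.lower().startswith("set-cookie:"):
            name, value, attrs = parse_set_cookie(h)
            if name in SESSION_COOKIES:
                found[name] = (value, attrs)
    return found

def audit_flags(headers: List[str]) -> List[str]:
    """One finding per session cookie that is exposed in transit (no Secure,
    so it is also sent over plain HTTP) or readable from page script (no HttpOnly)."""
    findings = []
    for name, (_, attrs) in session_cookies(headers).items():
        if "secure" not in attrs:
            findings.append(f"{name} lacks Secure: sent over plaintext HTTP, sniffable")
        if "httponly" not in attrs:
            findings.append(f"{name} lacks HttpOnly: readable from script")
    return findings

def tokens_rotated(before: List[str], after: List[str]) -> bool:
    """True only if both CFID and CFTOKEN changed between the two responses.
    A pair that survives a timeout/logout stays usable by anyone who sniffed it."""
    old, new = session_cookies(before), session_cookies(after)
    return all(name in old and name in new and old[name][0] != new[name][0]
               for name in SESSION_COOKIES)
```

Run the audit against the response that follows login and again after logout or timeout; a False from tokens_rotated means a captured pair is still valid.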

Author Closing Comment

by: Panos
ID: 34224073
Thank you for your help agx.
Could you write test code for my other question: http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/Cold_Fusion_Markup_Language/Q_26636239.html

How to control the number of times someone has been to the site in one second ... from this site: http://www.anujgakhar.com/2010/01/26/what-is-the-best-way-to-deal-with-spidersbotscrawlers/ #7