Not an expert in Pen-testing. However just giving you a lead. 1. http://en.wikipedia.org/wiki/Session_hijacking 2. http://youtu.be/dgYttfzdbWE
AFAIK, Metasploit framework (MSF) has tools to play with this. On Thu, May 15, 2014 at 6:28 PM, Revath S Kumar <[email protected]>wrote: > How the hackers do session / cookie highjack?? > > > On Thu, May 15, 2014 at 10:02 AM, Thomas Vazhappilly > <[email protected]>wrote: > >> If two-way authentication is turned on, users can prevent such threats >> for some extents. >> Still there are chances for session / cookie highjacks. >> >> >> On Wed, May 14, 2014 at 11:18 PM, aravind vijayan < >> [email protected]> wrote: >> >>> Hackers grab Google account passwords in a new, better crafted >>> phishing attack that is hard to catch with traditional heuristic >>> detection. A particularity in how Google Chrome displays data: URIs >>> makes Chrome users more vulnerable. The phishing attack also targets >>> Mozilla Firefox users. >>> >>> source: >>> http://www.hotforsecurity.com/blog/hackers-steal-google-account-passwords-in-better-crafted-phishing-attack-8602.html >>> >>> Registered Linux user #545296 >>> >>> _______________________________________________ >>> Indian Libre User Group Cochin Mailing List >>> http://www.ilug-cochin.org/mailing-list/ >>> http://ilug-cochin.org/mailman/listinfo/mailinglist_ilug-cochin.org >>> #[email protected] >>> >> >> >> >> -- >> THOMAS. >> *M.VAZHAPPILLY* >> >> _______________________________________________ >> Indian Libre User Group Cochin Mailing List >> http://www.ilug-cochin.org/mailing-list/ >> http://ilug-cochin.org/mailman/listinfo/mailinglist_ilug-cochin.org >> #[email protected] >> > > > > -- > with regards, > Revath S Kumar, > Rubyist / JavaScripter / PHP > > markdownblogger.herokuapp.com > > www.phprepo.in > revathskumar.com > +919995436867 > > <http://twitter.com/revathskumar> <http://www.linkedin.com/in/revathskumar> > <http://www.gplus.to/rsk> <http://www.about.me/revathskumar> > <http://www.phprepo.in/> > <http://www.github.com/revathskumar> <http://www.youtube.com/revathskumar> > <http://blog.revathskumar.com> <https://foursquare.com/revathskumar> > [image: > normal-1.png] <http://careers.stackoverflow.com/revathskumar> > > _______________________________________________ > Indian Libre User Group Cochin Mailing List > http://www.ilug-cochin.org/mailing-list/ > http://ilug-cochin.org/mailman/listinfo/mailinglist_ilug-cochin.org > #[email protected] > -- THOMAS. *M.VAZHAPPILLY*
_______________________________________________ Indian Libre User Group Cochin Mailing List http://www.ilug-cochin.org/mailing-list/ http://ilug-cochin.org/mailman/listinfo/mailinglist_ilug-cochin.org #[email protected]
