The Implementing Application-level Session Hijacking module provides you with the instructions and devices to develop your hands-on skills in the following topic:
- Viewing cookie information from unencrypted sites
Lab time: It will take approximately 30 minutes to complete this lab.
The following objective is covered in this lab:
Exercise 1 - Viewing Cookie Information from Unencrypted Sites
Session hijacking, also known as cookie hijacking, lets you view cookie information from unencrypted sites. It occurs at both the network level and the application level. In application-level session hijacking, you intercept the session ID of a particular session with the help of cookies and use it to gain unauthorized access to sensitive or critical data.
In this exercise, you will complete the following tasks to perform application-level session hijacking:
- Enable the HTTP web service on PLABSA01
- Configure Burp Suite on PLABWIN10
- Configure Firefox to use the Burp Suite proxy listeners
- Capture cookies
- Hijack the session