Overview

Introduction

The Implementing Application-level Session Hijacking module provides you with the instructions and devices to develop your hands-on skills in the following topic:

  • Viewing cookie information from unencrypted sites

Lab time: It will take approximately 30 minutes to complete this lab.

Objectives

The following objective is covered in this lab:

  • Session hijacking

Exercise 1 - Viewing Cookie Information from Unencrypted Sites

Session hijacking, also known as cookie hijacking, lets you view the cookie information from unencrypted sites. Session hijacking occurs at the network level and at the application level. In application-level session hijacking, you intercept the session ID of a particular session with the help of cookies and use it to gain unauthorized access to sensitive or critical data.
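As an added example (not part of the original lab material), the following defender-side check audits `Set-Cookie` response headers for the condition this exercise depends on: a session cookie issued over cleartext HTTP without protective attributes. The cookie-name hints and the sample headers are assumptions constructed for illustration.

```python
# Added example: flag session cookies that can be read off the wire or by script.
# Requires Python 3.8+ (SameSite support in http.cookies).
from http.cookies import SimpleCookie

# Assumption: substrings that suggest a cookie carries a session ID.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def audit_set_cookie(header_value, scheme):
    """Return findings for one Set-Cookie header value received over `scheme`."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # not a session cookie by our naming heuristic
        if scheme == "http":
            findings.append(f"{name}: issued over cleartext HTTP")
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly")
        if not morsel["samesite"]:
            findings.append(f"{name}: missing SameSite")
    return findings


def audit_responses(responses):
    """Map each (scheme, Set-Cookie value) pair to its findings, skipping clean ones."""
    report = {}
    for scheme, header_value in responses:
        findings = audit_set_cookie(header_value, scheme)
        if findings:
            report[header_value] = findings
    return report


# Constructed sample headers: one weak, one hardened, one non-session cookie.
SAMPLE_RESPONSES = [
    ("http", "PHPSESSID=abc123; Path=/"),
    ("https", "PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"),
    ("http", "theme=dark; Path=/"),
]

if __name__ == "__main__":
    for header, findings in audit_responses(SAMPLE_RESPONSES).items():
        print(header)
        for finding in findings:
            print("  -", finding)
```

Only the first sample header is reported; serving the site over HTTPS and setting `Secure`, `HttpOnly` and `SameSite` on the session cookie clears every finding.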

In this exercise, you will complete the following tasks to perform application-level session hijacking:

  • Enable HTTP web service on PLABSA01
  • Configure Burp Suite on PLABWIN10
  • Configure Firefox to use Burp Suite proxy listeners
  • Capture cookies
  • Hijack the session
