Identifying vulnerabilities in cookies
Cookies are small pieces of data sent from websites and stored in the user's web browser. They contain information relative to such browser or to some specific web application's user. In modern web applications, cookies are used to keep track of the user's session. By saving session identifiers on the server and on the user's computer, the server is able to distinguish between different requests made from different clients at the same time. When any request is sent to the server, the browser adds a cookie and then sends the request; the server can identify the session based on that cookie.
In this recipe, we will learn how to identify a couple of vulnerabilities that will allow an attacker to hijack the session of a valid user.
How to do it
Navigate to
http://192.168.56.102/mutillidae/.Open Cookie Manager+ and delete all the cookies. This is to prevent being confused with the previous ones.
Now, in Mutillidae II, navigate to OWASP Top 10 | A3 – Broken Authentication...
