Preventing Authentication Bypass with SessionID

March 3, 2017


What is a SessionID?
A session ID is the unique identifier a server issues to a browser after a user logs on; on every later request the server looks up that ID to decide who is making the request and how to respond. Session hijacking is any way of obtaining another user's valid session ID. When an application builds the ID from values the user supplied (a username, a password, a date) plus a short random string, the ID is partly known and partly guessable, and an attacker can enumerate the remaining part. The same session ID mechanism is used by both web and mobile applications, and authentication bypass through a guessable session ID is a major class of application vulnerability.

Examples of weak, hybrid session IDs derived from user input:
username+string
password+string
username+password
username+date+string

Here, ‘+’ is used to concatenate two different strings.

The following program generates candidate session IDs of the hybrid form above, so that a tester can compare them with the IDs an application actually issues and judge how predictable, and therefore how severe, that scheme is.

using System;
using System.Text;

namespace SessionTest
{
    class SessionProgram
    {
        // Returns a random string of the requested length drawn from validChars.
        static string randomString(int length)
        {
            const string validChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";  // alphabet to draw from
            StringBuilder res = new StringBuilder();   // empty buffer for the result
            // System.Random is seeded from the clock. That is fine for producing test permutations,
            // but not for issuing real session IDs; a server should use
            // System.Security.Cryptography.RandomNumberGenerator for those.
            Random rnd = new Random();
            while (0 < length--)
            {
                res.Append(validChars[rnd.Next(validChars.Length)]);
            }
            return res.ToString();
        }   // End of randomString()

        static void Main(string[] args)
        {
            // Length of the random part. Console.Read() would return only one character code,
            // so the line is read and parsed as an integer instead.
            int length = int.Parse(Console.ReadLine());
            string usedCase = Console.ReadLine();   // username, password, date, etc. supplied by the user
            string hybridPass = randomString(length);
            Console.WriteLine(hybridPass + usedCase);
        }
    }
}

This is a C# program. The using directives and the namespace shown at the top are required; only System and System.Text are actually used, so the System.Collections.Generic, System.Linq and System.Threading.Tasks directives that a new console project adds by default can be kept or dropped.

This program can be used to generate sample combinations of a username or password with a random string. It can be restricted to a particular set of use cases: edit the constant string validChars so that it contains only the characters the application is observed to use, and the candidates will match the real ID format more closely. Note that the program models the weak scheme for testing; it is not a way to generate session IDs for a real application.

**This is for educational purposes only.**

3 Comments
  1. Thank you… if you make a video stream, please, please send it to me…

  2. Definitely, I'll look into video streaming.

  3. If I got a video for this program, maybe I could learn better. Thank you. 🙂
