Preventing Authentication Bypass with SessionID
What is SessionID?SessionID is a unique ID for checking the authentication of a logged on user. Based on the SessionID the Server responds to a browser. And the Session Hijacking involves, accessing the random sessionID based on user input. This sessionID is being used for both the Web and Mobile applications. Authentication Bypass places a major stack in application vulnerability.
Possible hybrid strings from user input.username+stringpassword+stringusername+passwordusername+date+string
Here, '+' is used to concatenate two different strings.
The following code could be helpful in order to crosscheck the severity based on the SessionID.
This is a program based on C#. In order to try this code, import the following modules and define this whole SessionProgram class under a Namespace.using System;
using System.Collections.Generic;using System.Linq;using System.Text;using System.Threading.Tasks;
This payload can be used to get sample permutations of various username/password and random strings. The same can be modified for a set of used cases only. Edit the constant string ‘validChars’ with a frequently used parameter value.
**This is for educational purposes only.**