Session Stealing (Remote Reflected XSS) Lab

Infosec Learning
Virtual Lab

Session IDs are long randomized values used to uniquely identify a user with an application. If a session ID happens to get stolen, the result could lead to unauthorized access. In this lab, we will demonstrate session stealing, where Bob the hacker is able to obtain Alice the administrator’s session ID through a remote reflected XSS attack. He wil...

Time
1 hour 30 minutes
Difficulty
Intermediate
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Sign up with Google
Sign up with Apple
Sign up with Microsoft
View all SSO options

Already have an account? Sign In »

Overview

Session IDs are long randomized values used to uniquely identify a user with an application. If a session ID happens to get stolen, the result could lead to unauthorized access. In this lab, we will demonstrate session stealing, where Bob the hacker is able to obtain Alice the administrator’s session ID through a remote reflected XSS attack. He will then use a Firefox plugin to steal Alice’s session.

Learning Partner
Infosec Learning

Infosec Learning provides businesses, colleges, governments, and K-12 school districts a feature rich information technology training and skill assessment service via an advanced, cloud based, virtual machine powered platform, capable of significant customization with unlimited scale and growth potential.

Similar Content
Cross-Site Scripting
Course
Cross-Site Scripting
4.47
This course will cover an introduction to Cross-Site Scripting (XSS)- a popular cybersecurity attack. ...
1CEUs
Session Stealing (Stored XSS) Lab
Virtual Lab
Session Stealing (Stored XSS) Lab
The development of this document is funded by the Boston Area Advanced Technological Education Connections ...
Remote Reflected XSS Mitigation and URL Encoding Lab
Virtual Lab
Remote Reflected XSS Mitigation and URL Encoding Lab
In this lab, students will start a HTTP collection server and then perform a Reflected ...