Session Stealing (Remote Reflected XSS) Lab

Infosec Learning
Virtual Lab

Time: 1 hour 30 minutes
Difficulty: Intermediate

Overview

Session IDs are long randomized values used to uniquely identify a user to an application. If a session ID is stolen, the result could be unauthorized access. In this lab, we will demonstrate session stealing, where Bob the hacker is able to obtain Alice the administrator's session ID through a remote reflected XSS attack. He will then use a Firefox plugin to steal Alice's session.