Session Stealing (Remote Reflected XSS) Lab

Infosec Learning
Virtual Lab

Session IDs are long randomized values used to uniquely identify a user with an application. If a session ID happens to get stolen, the result could lead to unauthorized access. In this lab, we will demonstrate session stealing, where Bob the hacker is able to obtain Alice the administrator’s session ID through a remote reflected XSS attack. He wil...

Time
1 hour 30 minutes
Difficulty
Intermediate
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or
View all SSO options

Already have an account? Sign In »

Overview

Session IDs are long randomized values used to uniquely identify a user with an application. If a session ID happens to get stolen, the result could lead to unauthorized access. In this lab, we will demonstrate session stealing, where Bob the hacker is able to obtain Alice the administrator’s session ID through a remote reflected XSS attack. He will then use a Firefox plugin to steal Alice’s session.

Learning Partner
Infosec Learning

Infosec Learning provides businesses, colleges, governments, and K-12 school districts a feature rich information technology training and skill assessment service via an advanced, cloud based, virtual machine powered platform, capable of significant customization with unlimited scale and growth potential.

Similar Content
Cross-Site Scripting
Cross-Site Scripting

This course will cover an introduction to Cross-Site Scripting (XSS)- a popular cybersecurity attack. ...

Cybrary
Course
Intermediate
1 CEU/CPE Hours Available
Certificate of Completion Offered
Session Stealing (Stored XSS) Lab
Session Stealing (Stored XSS) Lab

The development of this document is funded by the Boston Area Advanced Technological Education Connections ...

Infosec Learning
Virtual Lab
Intermediate
Remote Reflected XSS Mitigation and URL Encoding Lab
Remote Reflected XSS Mitigation and URL Encoding Lab

In this lab, students will start a HTTP collection server and then perform a Reflected ...

Infosec Learning
Virtual Lab
Intermediate