Session Stealing (Remote Reflected XSS) Lab

Session IDs are long, randomized values that uniquely identify a user to an application. A stolen session ID could lead to unauthorized access. In this lab, we will demonstrate session stealing, where Bob the hacker obtains the session ID of Alice the administrator through a remote reflected XSS attack. He will then use a Firefox plugin to steal Alice’s session.