Web session tools

The next section covers tools used for penetration testing web sessions. Some tools are not available in Kali 1.0; however, they can be obtained online.

Firefox plugins

The manual method of performing a session hijack is to steal a victim's authentication cookie. One way to accomplish this is to inject a script on a compromised web application server so that cookies are captured without the victim's knowledge. From there, the attacker can harvest authentication cookies and use a cookie injector tool to replace the attacker's own cookie with an authorized stolen cookie. Other methods used to steal cookies include packet sniffing, network traffic, and compromising hosts. Stealing cookies will be covered later in this book.
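The cookie attributes a server sets decide how exposed a session is to the theft routes just described. The following check is an added example, not code from the book: it audits `Set-Cookie` headers for the attributes that limit script access and cleartext transmission. The header lines and the `SESSION_HINTS` name heuristic are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for attributes that blunt cookie
# theft by injected script or packet sniffing. Sample headers are constructed.
SAMPLE_HEADERS = [
    "Set-Cookie: PHPSESSID=abc123; Path=/",
    "Set-Cookie: sid=9f8e7d; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: auth_token=eyJ0; Path=/; HttpOnly",
    "Set-Cookie: theme=dark; Path=/",
]

# Heuristic (assumption): names containing these look like session/auth cookies.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(line):
    """Return (name, attrs) where attrs maps lower-cased attribute -> value."""
    _, _, value = line.partition(":")
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit(lines):
    """Map each session-like cookie name to a list of findings."""
    report = {}
    for line in lines:
        if not line.lower().startswith("set-cookie:"):
            continue
        name, attrs = parse_set_cookie(line)
        if not any(h in name.lower() for h in SESSION_HINTS):
            continue  # not a session/auth cookie by our heuristic
        findings = []
        if "httponly" not in attrs:
            findings.append("no HttpOnly: readable by injected script")
        if "secure" not in attrs:
            findings.append("no Secure: sent over cleartext HTTP, sniffable")
        if "samesite" not in attrs:
            findings.append("no SameSite: browser default applies")
        report[name] = findings
    return report


if __name__ == "__main__":
    for cookie, findings in audit(SAMPLE_HEADERS).items():
        print(cookie, "->", findings or "ok")
```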

The Firefox web browser ...
