Pentest Book
Search
⌃K

Session fixation

Steps to reproduce
  1. 1.
    Open example.com/login.
  2. 2.
    Open browser devtools.
  3. 3.
    Get value for SESSION cookie.
  4. 4.
    Open example.com/login in the incognito tab.
  5. 5.
    In the incognito tab, change cookie value to the one, obtained in step 3.
  6. 6.
    In the normal tab (the one from steps 1-3) log in as any user.
  7. 7.
    Refresh page in the incognito tab.
Result
You are now logged in the incognito tab as user from step 6 as well.
Previous
Web Cache Deception
Next
Email attacks
Last modified 2yr ago