290 Chapter 12 ■ Session Hijacking
Look at the IDs in Table 12.1 and you should be able to determine the pattern, or at least how they were generated. The first three letters stay the same, and Segment 2 stays the same as well. Segment 3 changes, and on closer inspection it turns out to be the time in 24-hour format, which in turn gives you insight into Segments 2 and 4. Segment 4 is the time in seconds. Looking back at Segment 2, you can see that it is actually the date, which in this case is the 22nd of February 2005, written as 22022005.
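To make the weakness concrete, here is an added example (not from the book) that dissects IDs of the Table 12.1 form and estimates how few bits of entropy the scheme really has, then shows the mitigation of drawing IDs from a CSPRNG. It assumes the four segments were simply concatenated into one string; the book shows only the dissected segments.

```python
import math
import re
import secrets
from datetime import datetime

# Constructed sample: the four IDs of Table 12.1 joined back into one string each
# (the concatenated layout is an assumption, the book shows only the segments).
SAMPLE_IDS = [
    "spo22022005131020",
    "spo22022005141520",
    "spo22022005171126",
    "spo22022005213111",
]

# prefix | date DDMMYYYY | time HHMM (24-hour) | seconds
PATTERN = re.compile(r"^(?P<prefix>[a-z]{3})(?P<date>\d{8})(?P<hhmm>\d{4})(?P<sec>\d{2})$")


def dissect(session_id):
    """Split a Table 12.1-style ID into (prefix, timestamp it encodes)."""
    m = PATTERN.match(session_id)
    if m is None:
        raise ValueError(f"not a Table 12.1-style ID: {session_id!r}")
    g = m.groupdict()
    stamp = datetime.strptime(g["date"] + g["hhmm"] + g["sec"], "%d%m%Y%H%M%S")
    return g["prefix"], stamp


def guess_space(ids):
    """Upper bound on distinct IDs the scheme can produce for the prefixes and
    dates seen in a batch: the only varying part is the time of day (86,400 s)."""
    prefixes = {dissect(i)[0] for i in ids}
    dates = {dissect(i)[1].date() for i in ids}
    return len(prefixes) * len(dates) * 86_400


def entropy_bits(space):
    """Effective entropy of an ID drawn uniformly from `space` candidates."""
    return math.log2(space)


def random_session_id(nbytes=16):
    """Mitigation: an unpredictable ID from the OS CSPRNG (128 bits by default)."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    bits = entropy_bits(guess_space(SAMPLE_IDS))
    print(f"table scheme: ~{bits:.1f} bits; secrets.token_urlsafe(16): {8 * 16} bits")
```

An audit that finds observed IDs parsing cleanly into a timestamp, with an effective entropy in the tens of bits rather than 128, is a strong signal the scheme needs replacing.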
Man-in-the-Middle Attack
A third way to get a session ID is the man-in-the-middle attack, which we will discuss later
in this chapter when we discuss network attacks; see the section “Man-in-the-Middle.”
Man-in-the-Browser Attack
A fourth form is the man-in-the-browser attack, which is a particularly interesting form
of attack. The three most common forms are cross-site scripting, Trojans, and JavaScript
issues. We discussed Trojans in Chapter 8, “Trojans, Viruses, Worms, and Covert
Channels,” but let’s talk about cross-site scripting and JavaScript.
Cross-site scripting (XSS) is a type of attack that can take many forms, but in general it occurs when data of some type enters a web application from an untrusted source (in the majority of cases, a web request). Typically this data is then included as part of dynamic content that has not gone through validation checks to ensure it is all trustworthy.
Dynamic content is any type of content that is generated “on the fly” or
on demand. Typically this means that a user, browser, or service makes a
request, which is sent to a server. The server interprets the request and
returns data in the form of a web page.
TABLE 12.1 Dissected IDs

Segment 1   Segment 2   Segment 3   Segment 4
spo         22022005    1310        20
spo         22022005    1415        20
spo         22022005    1711        26
spo         22022005    2131        11