Title :
CookieMonster: Automated Session Hijacking Archival and Analysis
Author :
Pauli, Joshua J. ; Engebretson, Patrick H. ; Ham, Michael J. ; Zautke, MarcCharles J.
Abstract :
We introduce a process-driven experiment named "CookieMonster" that can be run against any cookie-granting (i.e., session-identifier-generating) application to test the strength of its cookie generation algorithm. The CookieMonster processes apply to any operating system, web server, and web application, as long as session identifiers are granted to requesting client machines. Our goal is to determine how likely session hijacking attacks are to succeed strictly because of weak session identifier generation by the web application. Because of the universal approach we created, these processes and the necessary infrastructure setup can be followed for future generations of web application and web server products. The experiment setup includes a web server running a web application that grants session identifiers (cookies), an attack machine running our rapid request software (Bockscar), and a database for archival and analysis of the cookies.
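As an added illustration of the harvest, archive and analyze loop the abstract describes (example code written for this record, not the authors' Bockscar or CookieMonster software): two constructed session-ID generators stand in for the cookie-granting web application, the rapid-request client is replaced by an in-process loop, the archive is an in-memory SQLite table that preserves arrival order, and the analysis reports distinct count, a per-position entropy estimate, and how often the next identifier is a small step above the previous one. Every name and threshold below is an assumption made for the example.

```python
"""Added example of a CookieMonster-style harvest/archive/analyze loop.

Illustrative code written for this record, not the authors' Bockscar or
CookieMonster software. The two generators are constructed stand-ins for a
web application issuing cookies; a real run would replace harvest() with
rapid HTTP requests that capture each Set-Cookie header.
"""
import math
import secrets
import sqlite3
from collections import Counter

ID_HEX_WIDTH = 16  # 64-bit identifiers, hex-encoded


def weak_session_id(request_index: int, base_ts: int = 0x4D6A0000) -> str:
    """Constructed weak generator: a coarse timestamp (high 32 bits, assumed to
    tick once per ten requests) followed by a request counter (low 32 bits).
    Each value is predictable from its neighbours."""
    ts = base_ts + request_index // 10
    return f"{ts:08x}{request_index:08x}"


def strong_session_id(request_index: int) -> str:
    """Reference generator: 64 bits from the OS CSPRNG (request_index unused)."""
    return secrets.token_hex(ID_HEX_WIDTH // 2)


def harvest(generator, n: int) -> list:
    """Stand-in for the rapid-request client: collect n identifiers in arrival order."""
    return [generator(i) for i in range(n)]


def archive(ids: list) -> sqlite3.Connection:
    """Store identifiers with their arrival sequence so the analysis can reason
    about ordering, not just the set of values."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cookie (seq INTEGER PRIMARY KEY, sid TEXT NOT NULL)")
    db.executemany("INSERT INTO cookie (seq, sid) VALUES (?, ?)", enumerate(ids))
    db.commit()
    return db


def analyze(db: sqlite3.Connection) -> dict:
    ids = [row[0] for row in db.execute("SELECT sid FROM cookie ORDER BY seq")]
    n = len(ids)
    width = len(ids[0])

    # Per-position Shannon entropy in bits. A fixed or slowly changing prefix
    # (a timestamp, a server ID) shows up as positions near zero. With n samples
    # this estimate cannot exceed log2(n) per position, so it is an upper bound
    # on real unpredictability, never a proof of it.
    per_pos = []
    for p in range(width):
        counts = Counter(s[p] for s in ids)
        per_pos.append(-sum(c / n * math.log2(c / n) for c in counts.values()))

    # Sequential predictability: interpret each ID as an integer and count how
    # often the next one lies a small positive step above the previous one.
    # A counter scores near 1.0; CSPRNG output scores ~0.
    vals = [int(s, 16) for s in ids]
    deltas = [b - a for a, b in zip(vals, vals[1:])]
    step_frac = sum(1 for d in deltas if 0 < d < 2**16) / max(1, len(deltas))

    report = {
        "samples": n,
        "distinct": len(set(ids)),
        "entropy_bits_estimate": round(sum(per_pos), 2),
        "predictable_step_fraction": round(step_frac, 3),
    }
    # Assumed decision rule: duplicates or a mostly-incremental sequence is a
    # clear weakness; anything else only means nothing obvious was found.
    report["verdict"] = (
        "weak" if report["distinct"] < n or step_frac > 0.5 else "no obvious weakness"
    )
    return report


def run_experiment(generator, n: int = 1000) -> dict:
    return analyze(archive(harvest(generator, n)))


if __name__ == "__main__":
    for name, gen in (("weak", weak_session_id), ("strong", strong_session_id)):
        print(name, run_experiment(gen))
```

The "no obvious weakness" verdict is deliberately not "strong": a harvest of a few thousand cookies can demonstrate a weak generator but cannot demonstrate a secure one, which is why the report keeps the raw numbers alongside the verdict.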
Keywords :
Internet; security of data; Bockscar rapid request software; CookieMonster process-driven experiment; Web application; Web server products; cookie generation algorithm; cookie granting application; session hijacking analysis; session hijacking archival; session identification generation; Information technology; Yttrium; archiving; cookies; hijacking; sessions;
Conference_Titel :
Information Technology: New Generations (ITNG), 2011 Eighth International Conference on
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-1-61284-427-5
Electronic_ISBN :
978-0-7695-4367-3
DOI :
10.1109/ITNG.2011.78