Penetration Testing mailing list archives
A Brief Analysis of ASP.NET Session Identifiers
From: Tim <tim-pentest () sentinelchicken org>
Date: Sat, 20 Dec 2008 12:25:18 -0800
Hello,

Any of you ever looked closely at ASP.NET_SessionId cookies? Ever wondered why certain digits don't look so random? Well I did, so I spent some quality time with a debugger last weekend and figured out just how those cookies are generated. Nothing earth shattering was found, but there were some interesting details that I thought would be worth writing up:

http://www.sentinelchicken.com/research/aspdotnet_sessionid/

If nothing else, hopefully it will save someone else the time I just spent uncovering the algorithm.

cheers,
tim