Penetration Testing mailing list archives
Re: Session ID Analysis
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 12 Aug 2010 14:30:01 -0700
> Thanks, PortSwigger. I will do that. All I'm looking for is a scientific way of indeed proving the non-randomness of the token and if possible even predict next tokens.

For a more thorough set of tests, you may want to check out an old tool of mine, stompy:

http://lcamtuf.coredump.cx/soft/stompy.tgz

But there really is no way around simply spending some time to understand how these tools work and what their output means in a particular context.

/mz