WebApp Sec mailing list archives

Re: How to create (hijacking) secure HTTP sessions?


From: Michael Decker <MDecker () tesis de>
Date: Wed, 07 Jun 2006 09:05:29 +0200

        Hi!

> Beginning with IE5, SSL session ID is renegotiated every two minutes
> during the same session.

Thanks, that is very important information...
So I've found this article:
http://support.zeus.com/zlb/faqs/2005/08/12/why_do_ssl_connections_to_ie_browsers_pe

> In addition, I don't believe this field is readily available to most web
> developers, at least on the MS platform.

Could be... I'm using Tomcat/Apache, so it would be possible.

Bye

-- 
Michael Decker                      Michael.Decker () tesis de
TESIS SYSware GmbH                      http://www.tesis.de
Baierbrunnerstr. 15 * 81379 Muenchen * Tel. +49 89 747377-0

