Screencast: Session Hijacking
Downloads in various formats:
Resources:
terminal
[bash]
# Watch loopback traffic in ASCII: a session cookie sent over plain HTTP shows up in clear text
sudo tcpdump -i lo0 -A
# Plain HTTP request; the Cookie header is visible to the sniffer above
curl http://todo.dev/
# Replay the sniffed session cookie over HTTP (the header name is Cookie)
curl http://todo.dev/ -H 'Cookie: …'
# Replay the same cookie over HTTPS (-k: accept the self-signed dev certificate)
curl https://todo.dev/ -k -H 'Cookie: …'
[/bash]
config/environments/production.rb
[ruby]
# Redirect every request to HTTPS and mark the session cookie Secure
config.force_ssl = true
[/ruby]
sessions_controller.rb
[ruby]
# On login: set a second, signed cookie that the browser only sends over HTTPS
cookies.signed[:secure_user_id] = {secure: true, value: "secure#{user.id}"}
# …
# On logout: remove it again
cookies.delete(:secure_user_id)
[/ruby]
application_controller.rb
[ruby]
def current_user
  # Over plain HTTP the session alone is accepted; over HTTPS the signed,
  # Secure-flagged cookie must also match. A session cookie sniffed from
  # HTTP traffic is therefore not enough to reach the HTTPS-only parts of the app.
  if !request.ssl? || cookies.signed[:secure_user_id] == "secure#{session[:user_id]}"
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
  end
end
[/ruby]
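The following is an added example, not code from the screencast or the todo.dev app: a Rails-free simulation of the secure_user_id check above that replays a sniffed session the way the curl commands do. SignedCookies stands in for Rails' cookies.signed (HMAC-signed values), Request for the controller's request object, and SECRET_KEY_BASE and the USERS table are assumed sample data.

```ruby
require 'openssl'
require 'base64'

SECRET_KEY_BASE = 'example-secret-key-base-for-this-demo' # assumed, not a real key
USERS = { 42 => 'alice' }                                  # constructed sample user

# Stand-in for Rails' signed cookie jar: values are Base64 payload plus an HMAC.
class SignedCookies
  attr_reader :raw # what actually travels in the Cookie header

  def initialize(secret, raw = {})
    @secret = secret
    @raw = raw.dup
  end

  def []=(name, value)
    payload = Base64.strict_encode64(value.to_s)
    @raw[name.to_s] = "#{payload}--#{hmac(payload)}"
  end

  # Returns nil unless the signature verifies, as cookies.signed does
  def [](name)
    cookie = @raw[name.to_s]
    return nil unless cookie
    payload, digest = cookie.split('--', 2)
    return nil unless digest && secure_compare(digest, hmac(payload))
    Base64.strict_decode64(payload)
  end

  def delete(name)
    @raw.delete(name.to_s)
  end

  private

  def hmac(payload)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, payload)
  end

  # Constant-time comparison so the check does not leak the digest byte by byte
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Stand-in for the controller's request: TLS flag, session hash, cookie jar
Request = Struct.new(:ssl, :session, :cookies) do
  def ssl?
    ssl
  end
end

# Same logic as the current_user method shown above
def current_user(request)
  uid = request.session[:user_id]
  return nil unless uid
  if !request.ssl? || request.cookies[:secure_user_id] == "secure#{uid}"
    USERS[uid]
  end
end

# What the login action does: session[:user_id] plus the signed secure cookie.
# In Rails that cookie carries secure: true, so the browser never sends it over HTTP.
def login(user_id)
  jar = SignedCookies.new(SECRET_KEY_BASE)
  jar[:secure_user_id] = "secure#{user_id}"
  { session: { user_id: user_id }, cookies: jar }
end

# Replays the sniffed session cookie over HTTP and HTTPS, with and without a forged secure cookie
def hijack_scenarios
  victim = login(42)
  sniffed_session = victim[:session].dup                 # visible in the HTTP tcpdump
  no_secure_cookie = SignedCookies.new(SECRET_KEY_BASE)  # never sent over HTTP, so never sniffed
  # The attacker can guess the cookie value but cannot sign it without the secret
  forged = SignedCookies.new('attacker-guess')
  forged[:secure_user_id] = 'secure42'
  forged_as_received = SignedCookies.new(SECRET_KEY_BASE, forged.raw)
  {
    victim_https:          current_user(Request.new(true,  victim[:session], victim[:cookies])),
    attacker_http:         current_user(Request.new(false, sniffed_session,  no_secure_cookie)),
    attacker_https:        current_user(Request.new(true,  sniffed_session,  no_secure_cookie)),
    attacker_forged_https: current_user(Request.new(true,  sniffed_session,  forged_as_received))
  }
end

puts hijack_scenarios.inspect if $PROGRAM_NAME == __FILE__
```

Running hijack_scenarios shows the intended split: the replayed session still authenticates over plain HTTP (attacker_http is "alice"), which is why the screencast pairs this check with config.force_ssl = true so that no HTTP request reaches the app at all; over HTTPS the replay fails without the secure cookie, and a forged secure cookie fails because the attacker cannot produce a valid signature.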