
To ascertain whether independent internet banking can be attacked with session fixation, I will try to enter a query string containing a JSESSIONID string of my own choosing. I tried with the query string JSESSIONID = 01,234,567,890. Here are the request and response that occurred.

[Figure: fixating a self-chosen sessionid with the query string]

It turned out that my proposal was rejected by the server; this is seen from its response, which gives a sessionid in the form of a cookie on row 21. From these responses it can also be concluded that the independent banks server prefers to use cookies, so when a client gives a sessionid in the query string, one is returned by the Set-Cookie header. It's a good sign, because the cookies given to victims will ease my attack.

Okay, after failing to propose a sessionid carelessly with the query string, I'll try again with a server-generated sessionid. For that, I first have to ask the server to provide a sessionid. In this example I will use the sessionid that I asked for before, namely:

JSESSIONID=JHAb6Q3Q1BGE5uCwNMfTDU1yxfxV9vhMODrP0krLdbem8FvqPA7l!568454685!-1062708981!7668!7002

I will send the sessionid in the request in the form of a query string.

[Figure: fixating a sessionid generated by the server with the query string]
