Systems and methods for determining vulnerability to session stealing

摘要

Systems and methods for determining vulnerability to session stealing are disclosed. An example method includes intercepting, at a first computing device, an intercepted packet sent from a client to a second computing device different than the first computing device, the intercepted packet including a first instruction in a first portion of the intercepted packet, determining, using a template, a second portion of the intercepted packet that is a value that is changed by a calculated amount each time that the client sends a packet, changing the value by the calculated amount to determine a next value for a next packet, replacing the second portion of the intercepted packet with the next value to generate a modified packet, replacing the first portion of the modified packet with a second instruction, and transmitting the modified packet to the second computing device.

主权项

1. A method comprising:
intercepting, at a first computing device, an packet sent from a client to a second computing device different than the first computing device, the packet including a first instruction in a first portion of the packet; determining, using a template, a second portion of the packet that is a value that is changed by a calculated amount each time that the client sends a packet; changing the value by the calculated amount to determine a next value for a next packet; replacing the second portion of the packet with the next value to generate a modified packet; replacing the first portion of the modified packet with a second instruction; and transmitting the modified packet to the second computing device.