bWAPP - Session Management (Strong Sessions)

bWAPP – Session Management (Strong Sessions)

In this walk through, we will be going through the Session Management (Strong Sessions) vulnerability section from bWAPP Labs. We will be exploring and exploiting Session Management flaws and learn how application are affected because of it. So, let’s get started with the Hacking without any delay.

Session Management (Strong Sessions)

Security: Low

  • Setting the security level to Low.

Security level Low

  • The application has a page showcasing the current logged in user’s cookie values. Along with that, there is another page named top security page which uses the cookie value and tells if the session is strong or not.

Session Mgmt - Strong Sessions

Welcome Bee

  • I manipulated the session value in the GET request to the top_security.php page to that of the user Kratos and was able to reflect that on page and take over the user’s session.

cookie = 9ngqcnadj4ikpli0ss3mkisl41

Burpsuite intercept

Burpsuite intercept

Welcome Kratos

Cookies

Security: Medium

  • Setting the security level to Medium.

Security level medium

  • The application has added top_security_nossl string with the cookie value but as per the Top security page the cookie is not protected over a non-SSL channel.

Cookies

Welcome Bee

Original Query:

Burpsuite intercept

  • I manipulated the request in Burpsuite and change the cookie value to that of user kratos and was able to reflect in the top security page but not in the main page.

Burpsuite intercept

Welcome Kratos

Cookies

Security: High

  • Setting the security level to High.

Security level high

  • The application has added top_security_ssl string with the cookie value and as per the Top security page the cookie is protected over a non-SSL channel.

Cookies

Welcome Bee

Original Query:

Burpsuite intercept

  • I manipulated the request in Burpsuite and change the cookie value to that of user kratos and was able to reflect in the top security page but not in the main page.

Burpsuite intercept

Session Mgmt - Session Session

Cookies

Also Read: bWAPP – Session Management (Cookies-Secure)

Conclusion:

Conclusion

So, we finally completed all the security levels for the bWAPP Session Management (Strong Sessions) Vulnerability. We looked into the various ways how application has been set up in various levels and how we can bypass the security controls implemented. Session Management attacks can be mitigated by creating strong session management mechanisms, employing secure coding practices to mitigate XSS and other vulnerabilities and using multi-factor authentication (MFA) to add an extra layer of security. On that note, i will take your leave and will meet you in next one with another bWAPP vulnerability writeup, till then “Keep Hacking”.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top