Ethical Hacking and Penetration Testing Guide
Step 2—Next, we feed the response into Burp Sequencer, which will automatically try to extract the session token from it. If it does not detect the token, select the session ID from the cookie field manually.
Step 3—Next, we click on “Start Live Capture,” and Sequencer starts capturing tokens: it strips the Cookie header from each HTTP request it sends, so that the web server treats every request as a new session and each response carries a newly generated session token in its Set-Cookie header.
Step 4—Once a minimum of 1000 tokens has been captured, click on “Analyze now”; the more tokens captured, the more reliable the analysis will be.
As we can see, the effective entropy is estimated to be 112 bits, which is a fairly good amount of randomness for session tokens, considering that we captured around 1.7k requests. At the bottom of the “Summary” tab you will see a reliability section, which tells you how much confidence to place in the estimate given the sample size. Keep in mind that this is a statistical estimate of the unpredictability of the observed output, not proof of how the tokens are generated: a token derived deterministically from predictable input (for example, a hash of a counter or a timestamp) can still look random to these tests, so a high entropy figure should be combined with a review of how the application actually builds its session IDs.
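The steps above can be reproduced offline with a small script. The following is an added example written for this page, not code from the book or from Burp Suite: it pulls the session token out of the Set-Cookie header of each response (Step 2), repeats the request without a Cookie header so every response carries a fresh token (Step 3), and then sums the per-character-position Shannon entropy as a rough Sequencer-style estimate (Step 4). The three "servers", the cookie name PHPSESSID, the sample size and the response format are all constructed assumptions for the example. The md5(counter) generator is included on purpose: it is fully predictable yet scores as high as a real CSPRNG token, which is the blind spot of any purely statistical analysis.

```python
"""Simplified Sequencer-style session-token analysis (added example, not from the book)."""
import hashlib
import math
import re
import secrets
from collections import Counter
from typing import Callable, Iterable, List

# Matches a Set-Cookie header line and captures cookie name and value.
SET_COOKIE_RE = re.compile(r"^Set-Cookie:\s*([^=]+)=([^;\r\n]+)", re.IGNORECASE | re.MULTILINE)


def extract_session_token(raw_response: str, cookie_name: str = "PHPSESSID") -> str:
    """Step 2: pull the session token out of a raw HTTP response's Set-Cookie header.
    The cookie name PHPSESSID is an assumption for this example; in practice pick the
    real session cookie from the response (Sequencer lets you select it manually)."""
    for name, value in SET_COOKIE_RE.findall(raw_response):
        if name.strip() == cookie_name:
            return value.strip()
    raise ValueError(f"no Set-Cookie header for {cookie_name}")


def shannon_bits(symbols: Iterable[str]) -> float:
    """Shannon entropy in bits of a sample of symbols."""
    counts = Counter(symbols)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def estimate_entropy_bits(tokens: List[str]) -> float:
    """Step 4 (simplified): sum of per-character-position Shannon entropies.

    This assumes positions are independent, so it is an upper bound; it only becomes
    meaningful with many samples (Sequencer asks for at least 1000), and it cannot
    detect tokens that look random but are derived from predictable input."""
    if not tokens:
        return 0.0
    width = min(len(t) for t in tokens)
    return sum(shannon_bits(t[i] for t in tokens) for i in range(width))


def capture_tokens(issue_response: Callable[[int], str], count: int) -> List[str]:
    """Step 3: send `count` requests with no Cookie header (each call here stands in for
    one such request) so every response carries a fresh token, and collect the tokens."""
    return [extract_session_token(issue_response(i)) for i in range(count)]


# --- constructed stand-ins for a web server; each returns one raw HTTP response ---
def _response(token: str) -> str:
    return ("HTTP/1.1 200 OK\r\n"
            f"Set-Cookie: PHPSESSID={token}; Path=/; HttpOnly\r\n"
            "Content-Length: 0\r\n\r\n")


def sequential_server(i: int) -> str:
    # Weak: a zero-padded counter. Low entropy and trivially predictable.
    return _response(f"{i:032d}")


def hashed_counter_server(i: int) -> str:
    # Predictable: MD5 of the same counter. Every character position looks uniform,
    # so the statistical estimate is high even though the next token is computable.
    return _response(hashlib.md5(str(i).encode()).hexdigest())


def random_server(i: int) -> str:
    # Strong: 128 bits from the OS CSPRNG, hex-encoded to 32 characters.
    return _response(secrets.token_hex(16))


if __name__ == "__main__":
    n = 2000
    for name, server in [("sequential", sequential_server),
                         ("md5(counter)", hashed_counter_server),
                         ("secrets.token_hex", random_server)]:
        toks = capture_tokens(server, n)
        print(f"{name:18s} samples={n} unique={len(set(toks))} "
              f"estimated entropy ~ {estimate_entropy_bits(toks):.1f} bits")
```

Running it shows the sequential counter scoring roughly 11 bits, while both the MD5-of-counter and the CSPRNG tokens score close to 128 bits from 2000 samples. That last pair is the lesson: Sequencer's entropy figure tells you the output is statistically unbiased, not that it is unguessable, so follow a good score with a look at the application's session-ID generation where source or documentation is available.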