Exercise #3: Online Store Session Hijacking
Description
Perform an ethical hacking exercise by adding an undesired product item to a victim's shopping cart.
- Set Firefox (hacker's browser) proxy setting to
  manual proxy
  HTTP Proxy: localhost
  Port: 8080
- Set Burp proxy setting to
  Port: 8080
  Intercept On
- In Chrome or IE (victim's browser)
  - Visit the victim online store
  - Add one product to the cart
  - View cookies (right-click the page -> Inspect Elements -> Resources -> Cookies)
  - Copy cookie value of ASP.NET_SessionId and the cart ID
- In Firefox
  - Visit the victim online store
  - Add one product item to the cart
  - Intercept, replace cookie value of ASP.NET_SessionId and cart ID, then forward
- In Chrome or IE
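
Seen from the server side, the steps above leave a recognizable trace: one ASP.NET_SessionId value presented by two different browsers. The following added example (not part of the original exercise) flags that pattern in request logs; the log line format, the sample lines and the `CartId` cookie name are assumptions constructed for illustration.

```python
"""Flag session cookies that are presented by more than one client fingerprint."""
import re
from collections import defaultdict

# Constructed sample log (assumed format): client IP, "User-Agent", "Cookie header".
# The last line mirrors the exercise: a second browser replays the first one's cookies.
SAMPLE_LOG = '''\
10.0.0.5 "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0" "ASP.NET_SessionId=abc123; CartId=c-1001"
10.0.0.5 "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0" "ASP.NET_SessionId=abc123; CartId=c-1001"
10.0.0.9 "Mozilla/5.0 (X11; Linux) Firefox/121.0" "ASP.NET_SessionId=zzz999; CartId=c-2002"
10.0.0.9 "Mozilla/5.0 (X11; Linux) Firefox/121.0" "ASP.NET_SessionId=abc123; CartId=c-1001"
'''

LINE_RE = re.compile(r'^(?P<ip>\S+) "(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$')


def parse_cookies(header):
    """Split a Cookie header into a name -> value dict, skipping malformed pairs."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def find_shared_sessions(log_text, cookie_name="ASP.NET_SessionId"):
    """Return {cookie value: sorted [(ip, user_agent), ...]} for values seen from >1 client."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        value = parse_cookies(m["cookie"]).get(cookie_name)
        if value:
            seen[value].add((m["ip"], m["ua"]))
    return {v: sorted(clients) for v, clients in seen.items() if len(clients) > 1}


if __name__ == "__main__":
    for sid, clients in find_shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid} used by {len(clients)} distinct clients:")
        for ip, ua in clients:
            print(f"  {ip}  {ua}")
```

A shared value is a signal to investigate rather than proof of hijacking, since a legitimate user's IP address can change during a session.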