下載 APKPure App
可在安卓獲取Guessable Session ID的歷史版本
會話預測攻擊側重於預測會話 ID 值
The session prediction attack focuses on predicting session ID values that permit an attacker to bypass the authentication schema of an application. By analyzing and understanding the session ID generation process, an attacker can predict a valid session ID value and get access to the application.
n the first step, the attacker needs to collect some valid session ID values that are used to identify authenticated users. Then, they must understand the structure of session ID, the information that is used to create it, and the encryption or hash algorithm used by the application to protect it. Some bad implementations use sessions IDs composed by username or other predictable information, like timestamp or client IP address. In the worst case, this information is used in clear text or coded using some weak algorithm like base64 encoding.
最新版本1.0.0更新日誌
Last updated on 2021年09月27日
Minor bug fixes and improvements. Install or update to the newest version to check it out!
翻譯中...
Guessable Session ID (Web)
1.0.0 by hpAndro
2021年09月27日