DrNatas

CASTGC multiple valid sessions

2 posts in this topic

I'm trying to find out a way to create multiple successful authentications to a site. I'm the administrator for the site, and I need to find out how much stress the site can handle. All of this is being done in a test environment.

 

Known facts:

Valid User

Valid Password

Valid CASTGC

Valid JSESSIONID

 

How can I create an attack to initiate multiple valid sessions on the site? I'm trying to figure out if that is even possible. I tried using THC Hydra, but no success. Any suggestions or comments would be greatly appreciated. Thank you.

Edited by DrNatas
Spelling

I'd use Perl: LWP::UserAgent. Then make a separate browser instance and loop through it for however many times you want. HTTP apps should not care about IP address, only valid sessions as the programmer defines. Every time a tab is opened in a browser, a cookie could make it use the same session for every instance of the web browser.

 

So looping instances through something like LWP::UserAgent and controlling the sessions, making each look like a unique request, should work (in LWP::UserAgent give each its own cookie jar).

 

Example: Bob logs into a PC and into Gmail. Bob's session will be continued and he will auto-login again with a new tab. Bob logs out of the computer and Jane logs in. Jane's HTTP session is different from Bob's. If Jane opens Gmail in Opera and not I.E., she has a different HTTP session.

 

This is because HTTP doesn't have sessions - these are done in PHP, ASP, or JSP. And the developer uses cookies to maintain session state (usually HTTP cookies in memory). So new browser sessions with their own cookie jar. And each should be new to the web-app. However, you may need to see how the web-app checks session state by looking at the cookies.

Edited by tekio
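
Added example, not part of either post above: the point about giving each client its own cookie jar, shown with Python's standard library in place of LWP::UserAgent so it runs offline. The local server, its JSESSIONID handling and the function names are constructed for the demo and are not the poster's site or CAS itself.

```python
import http.cookiejar
import threading
import urllib.request
import uuid
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

SESSIONS = set()  # server-side session table of the constructed test app

class App(BaseHTTPRequestHandler):  # constructed stand-in for the web app
    def do_GET(self):
        cookie = SimpleCookie(self.headers.get("Cookie", ""))
        sid = cookie["JSESSIONID"].value if "JSESSIONID" in cookie else None
        self.send_response(200)
        if sid not in SESSIONS:  # no known cookie presented: start a new session
            sid = uuid.uuid4().hex
            SESSIONS.add(sid)
            self.send_header("Set-Cookie", f"JSESSIONID={sid}; Path=/; HttpOnly")
        body = sid.encode()
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args): pass  # silence per-request logging

def new_client():
    """One simulated browser: an opener with its own private cookie jar."""
    return urllib.request.build_opener(
        urllib.request.ProxyHandler({}),  # ignore any proxy set in the environment
        urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()),
    )

def run(clients=5, requests_each=3):
    """Return the session ids each client saw and the server's session count."""
    SESSIONS.clear()
    server = ThreadingHTTPServer(("127.0.0.1", 0), App)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/"
    try:
        seen = []
        for _ in range(clients):
            client = new_client()
            seen.append({client.open(url).read().decode() for _ in range(requests_each)})
        return seen, len(SESSIONS)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("sessions created by 5 clients:", run()[1])
```

Each client keeps one session across its repeated requests, while the server ends up with one session per cookie jar, which is the number to watch when sizing session storage in a test environment.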