HTTP Replay Attack

From Guidance Share


Description

With this type of attack, the attacker captures the user's authentication cookie using monitoring software and replays it to the application to gain access under a false identity.


Vulnerabilities

  • Missing or ineffective verification that each request is unique


Countermeasures

  • Provide a secure end-to-end communication channel between server and client (e.g., SSL)
  • Authenticate each request uniquely (e.g., timestamp and digital signature)
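The second countermeasure, authenticating each request uniquely, is shown below as an added example; it is not code from the Guidance Share page. It uses an HMAC over a shared secret in place of the digital signature the page mentions, and the header names (X-Timestamp, X-Nonce, X-Signature), the clock-skew window and the sample secret are all assumptions made for the example. The client attaches a fresh timestamp and nonce and signs the method, path, timestamp, nonce and body together; the server verifies the signature, rejects stale timestamps, and remembers nonces seen inside the freshness window so that a captured copy of a valid request is refused.

```python
import hashlib
import hmac
import secrets
import time

# Shared secret between client and server (constructed sample value for this
# example; a real deployment provisions a per-client key or uses an asymmetric
# signature instead of an HMAC).
SECRET_KEY = b"example-shared-secret-not-for-production"

# Requests whose timestamp differs from server time by more than this many
# seconds are rejected even when the signature is valid (assumed window).
MAX_CLOCK_SKEW = 300


def canonical_string(method, path, timestamp, nonce, body):
    """Bind every field that matters into one byte string, so a captured
    signature cannot be reused with a different path, time, nonce or body."""
    body_hash = hashlib.sha256(body).hexdigest()
    return f"{method}\n{path}\n{timestamp}\n{nonce}\n{body_hash}".encode()


def compute_mac(key, method, path, timestamp, nonce, body):
    return hmac.new(key, canonical_string(method, path, timestamp, nonce, body),
                    hashlib.sha256).hexdigest()


def sign_request(key, method, path, body, timestamp=None, nonce=None):
    """Client side: attach a fresh timestamp, a random nonce and the HMAC.
    Returns the authentication headers (names are assumptions of this example)."""
    timestamp = int(time.time()) if timestamp is None else timestamp
    nonce = secrets.token_hex(16) if nonce is None else nonce
    return {
        "X-Timestamp": str(timestamp),
        "X-Nonce": nonce,
        "X-Signature": compute_mac(key, method, path, timestamp, nonce, body),
    }


class ReplayGuard:
    """Server side: verify the signature, check freshness, and refuse any nonce
    already seen inside the freshness window (an identical replayed request)."""

    def __init__(self, key, max_skew=MAX_CLOCK_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp it was accepted with

    def _expire(self, now):
        # Nonces older than the window can be dropped: a replay carrying such a
        # timestamp is rejected as stale before the nonce check is reached.
        for nonce, ts in list(self.seen.items()):
            if now - ts > self.max_skew:
                del self.seen[nonce]

    def verify(self, method, path, headers, body, now=None):
        """Return (accepted, reason). The signature is checked first so that an
        unauthenticated sender cannot fill the nonce store with garbage."""
        now = int(time.time()) if now is None else now
        try:
            timestamp = int(headers["X-Timestamp"])
            nonce = str(headers["X-Nonce"])
            signature = str(headers["X-Signature"])
        except (KeyError, ValueError):
            return False, "missing or malformed authentication headers"
        expected = compute_mac(self.key, method, path, timestamp, nonce, body)
        # Constant-time comparison so timing does not reveal how much matched.
        if not hmac.compare_digest(expected, signature):
            return False, "bad signature"
        if abs(now - timestamp) > self.max_skew:
            return False, "stale timestamp"
        self._expire(now)
        if nonce in self.seen:
            return False, "replayed nonce"
        self.seen[nonce] = timestamp
        return True, "ok"


if __name__ == "__main__":
    body = b'{"transfer": 100}'  # constructed sample request body
    headers = sign_request(SECRET_KEY, "POST", "/api/transfer", body)
    guard = ReplayGuard(SECRET_KEY)
    print(guard.verify("POST", "/api/transfer", headers, body))  # first use: accepted
    print(guard.verify("POST", "/api/transfer", headers, body))  # captured copy: refused
```

The nonce store is what turns a timestamp check into real replay protection: a timestamp alone still leaves a window of several minutes in which a captured request can be resubmitted. This per-request authentication complements the first countermeasure rather than replacing it; the secure channel keeps the cookie and headers from being captured, while the signature limits what a captured copy is worth.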