HTTP Replay Attack

From Guidance Share


With this type of attack, the attacker captures the user's authentication cookie using monitoring software and replays it to the application to gain access under a false identity.


  • Ineffective or missing verification that each request is unique


  • Provide a secure end-to-end communication channel between server and client (e.g., SSL)
  • Authenticate each request uniquely (e.g., timestamp and digital signature)