HTTP Replay Attack
From Guidance Share
Jump to navigationJump to search
With this type of attack, the attacker captures the user's authentication cookie using monitoring software and replays it to the application to gain access under a false identity.
- Ineffective or lacking verification of uniqueness of a request
- Provide a secure end-to-end communication channel between server and client (e.g., SSL)
- Authenticate each request uniquely (e.g., timestamp and digital signature)