HTTP Replay Attack

From Guidance Share

Description

With this type of attack, the attacker captures the user's authentication cookie using monitoring software and replays it to the application to gain access under a false identity.


Vulnerabilities

  • Ineffective or missing verification that each request is unique (the same captured request is accepted again)


Countermeasures

  • Provide a secure end-to-end communication channel between server and client (e.g., SSL)
  • Authenticate each request uniquely (e.g., timestamp and digital signature)
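
The second countermeasure, each request carrying a timestamp and a signature that the server checks for freshness, integrity and uniqueness, as an added example (not code from Guidance Share). It uses HMAC-SHA256 over a shared secret as a stand-in for the page's "digital signature"; the header names, the `ReplayGuard` class and the sample request are constructed for this illustration.

```python
import hashlib
import hmac
import secrets
import time

# Added example (not from the Guidance Share page). HMAC-SHA256 over a shared
# secret stands in for the page's "digital signature"; header names and the
# sample request below are constructed for illustration.

MAX_SKEW_SECONDS = 300  # how far a request timestamp may drift from server time


def canonical_string(method, path, timestamp, nonce, body):
    """Bind method, path, time, nonce and body hash into the signed data."""
    return "\n".join([
        method.upper(), path, str(timestamp), nonce,
        hashlib.sha256(body).hexdigest(),
    ])


def sign_request(key, method, path, body, now=None, nonce=None):
    """Client side: produce per-request authentication headers."""
    ts = int(time.time() if now is None else now)
    nonce = nonce if nonce is not None else secrets.token_hex(16)
    mac = hmac.new(key, canonical_string(method, path, ts, nonce, body).encode(),
                   hashlib.sha256).hexdigest()
    return {"X-Timestamp": str(ts), "X-Nonce": nonce, "X-Signature": mac}


class ReplayGuard:
    """Server side: reject stale, tampered or repeated requests."""

    def __init__(self, key, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> time after which it can be forgotten

    def _evict(self, now):
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}

    def verify(self, method, path, body, headers, now=None):
        now = time.time() if now is None else now
        try:
            ts = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
            sig = headers["X-Signature"]
        except (KeyError, ValueError):
            return False, "missing or malformed authentication headers"
        # 1. Freshness: bounds how long a captured request stays usable and
        #    therefore how long nonces must be remembered.
        if abs(now - ts) > self.max_skew:
            return False, "timestamp outside acceptable window"
        # 2. Authenticity, checked before the nonce is recorded so that
        #    unauthenticated traffic cannot fill the nonce cache.
        expected = hmac.new(self.key,
                            canonical_string(method, path, ts, nonce, body).encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False, "bad signature"
        # 3. Uniqueness: a nonce inside the window is accepted only once.
        self._evict(now)
        if nonce in self.seen:
            return False, "replayed nonce"
        self.seen[nonce] = ts + self.max_skew
        return True, "ok"


def demo():
    """Sign one request, then replay and tamper with it; returns the verdicts."""
    key = b"constructed-shared-secret"  # constructed sample value
    guard = ReplayGuard(key)
    body = b'{"amount": 10}'
    t0 = 1_700_000_000
    headers = sign_request(key, "POST", "/transfer", body, now=t0, nonce="n1")
    return [
        guard.verify("POST", "/transfer", body, headers, now=t0 + 5),     # fresh
        guard.verify("POST", "/transfer", body, headers, now=t0 + 6),     # replay
        guard.verify("POST", "/admin", body, headers, now=t0 + 7),        # tampered path
        guard.verify("POST", "/transfer", body, headers, now=t0 + 1000),  # stale
    ]


if __name__ == "__main__":
    for ok, reason in demo():
        print("accepted" if ok else "rejected", "-", reason)
```

Because the signature covers the method, path, body hash, timestamp and nonce together, a captured request cannot be re-sent, redirected to another endpoint or re-used after the window closes; the server only has to remember nonces for the length of that window. A design that only checked the timestamp would still accept the same request several times within the window, which is the vulnerability the page lists.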