
Lens: Session fixation test module

The Session fixation tab of Lens provides a tool to test your ASP.NET web application for session fixation vulnerabilities.

Perform a basic Session fixation test

  1. Enter a valid URL in the Target URL textbox. You can optionally click Open to check the URL in your default browser.
  2. Enter the name of the session cookie in the Cookie name textbox. Lens will provide the default ASP.NET_SessionId value.
  3. Enter any valid ASP.NET Cookie value. You can click on the Generate random button and Lens will generate a fully random, but syntactically valid ASP.NET cookie value.
  4. Click on the Send test request button. Lens will send a test HTTP request with the given cookie parameters to the specified URL and will examine the cookies in the HTTP response. The result of the test is displayed in the Output window.
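The check from step 4, as an added example (not Lens's own code) to run against an application you are responsible for. Assumptions: the function names are hypothetical, ASP.NET session IDs are taken to be 24 characters from a-z and 0-5, and a response that does not replace the supplied cookie is read as the server having accepted it.

```python
import secrets
from urllib.request import Request, urlopen

# Assumption: ASP.NET session IDs are 24 characters drawn from a-z and 0-5.
ALPHABET = "abcdefghijklmnopqrstuvwxyz012345"
DEFAULT_NAME = "ASP.NET_SessionId"


def random_session_id(length=24):
    """Random value with the same shape as an ASP.NET session ID."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def classify(sent_value, set_cookie_headers, name=DEFAULT_NAME):
    """Compare the cookie value we sent with the Set-Cookie headers returned.

    ACCEPTED: the server kept the client-supplied ID (no Set-Cookie for the
              session cookie, or it echoed the same value).
    REPLACED: the server issued a different value or cleared the cookie.
    """
    returned = None
    for header in set_cookie_headers:
        # Only the first name=value pair matters; the rest are attributes.
        key, _, value = header.split(";", 1)[0].partition("=")
        if key.strip() == name:
            returned = value.strip()
    if returned is None or returned == sent_value:
        return "ACCEPTED"
    return "REPLACED"


def send_test_request(url, value, name=DEFAULT_NAME):
    """Send one GET with the test cookie and classify the response cookies."""
    req = Request(url, headers={"Cookie": f"{name}={value}"})
    with urlopen(req, timeout=10) as resp:  # follows redirects by default
        headers = resp.headers.get_all("Set-Cookie") or []
    return classify(value, headers, name)


if __name__ == "__main__":
    sid = random_session_id()
    # Constructed sample response headers, not captured from a real server.
    print(classify(sid, []))
    print(classify(sid, ["ASP.NET_SessionId=" + random_session_id() + "; path=/; HttpOnly"]))
```

An ACCEPTED result before login only shows that the server adopts client-supplied IDs; the Advanced testing steps are what confirm whether the same ID is still in use after authentication.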

Advanced testing

With the Save to buttons you can save the test cookie to the Firefox, Chrome or Internet Explorer cookie store. The next time you open the specified URL in these browsers, the browser will send the specified cookie to the server.

Note: the Save to buttons are disabled if Chrome or Firefox is running. Please close the browser first, then return to Lens and the buttons will be immediately enabled.

Note: currently Lens does not support removing these test cookies, so in order to get rid of them, you have to use the browsers' built-in cookie management features or any external cookie manager component.


Last edited Jun 14, 2010 at 10:14 AM by balassy, version 5

