I'm trying to replicate session for my term paper and I've found quite a few tips here, but I can't replicate an attack on my localhost.
I've tried an example from here: http://www.devshed.com/c/a/PHP/Sessions-and-Cookies/2/
fixation.php:
<?php
session_start();
$_SESSION['username'] = 'chris';
?>
test.php:
<?php
session_start();
if (isset($_SESSION['username']))
{
    echo $_SESSION['username'];
}
?>
The article says I should be able to fixate the session with:
http://example.org/fixation.php?PHPSESSID=1234
But inspecting the request headers, it doesn't seem to work:
Cookie PHPSESSID=0avpo8ttlmg35apkjaovj6dgd3
Also, there is a "sess_0avpo8ttlmg35apkjaovj6dgd3" file in the tmp folder.
I'm kind of lost here and have tried more than a few similar examples that didn't work...
A little update:
In php.ini, setting these values:
session.use_trans_sid = 1
session.use_cookies = 0
and commenting out session.save_handler disables saving the session in a cookie and generating the tmp file (I presume, please correct me if I'm wrong). Now I'm able to fixate the session (there is a file in the tmp folder named sess_1234) and hijack it too (open in another browser, resume state). Again, correct me if I'm wrong - was session fixation completely patched in recent PHP versions, or just this simple attack? My current version is 5.3.4.
Try changing the cookie in your browser. Using Firefox, install the "Web Developer" toolbar extension. Then from the Cookies menu, choose "Edit Cookie" and change the value for your domain, or create the new cookie that you're trying to replicate.
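A hardened counterpart to fixation.php, added here as an example and not part of the question or the answer above: it takes the session ID from the cookie only and replaces the ID at login, so an ID chosen in advance (through the URL or an edited cookie) never becomes an authenticated one. It assumes PHP 7.0 or later; check_credentials() and the demo account are hypothetical.

```php
<?php
// Added example, not from the original post. Assumes PHP 7.0 or later.

// Take the session ID from the cookie only; ignore ?PHPSESSID=... in the URL.
ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Refuse IDs the server never issued (such as a hand-set "1234") and
// generate a new one instead. Available since PHP 5.5.2.
ini_set('session.use_strict_mode', '1');
// Keep the session cookie out of reach of page scripts.
ini_set('session.cookie_httponly', '1');

// Hypothetical credential check with a constructed demo account;
// a real application would verify against its user store.
function check_credentials($user, $pass)
{
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }
    return hash_equals('chris', $user) && hash_equals('demo-password', $pass);
}

session_start();
$idBeforeLogin = session_id();
$rotated = false;

$user = $_POST['username'] ?? null;
$pass = $_POST['password'] ?? null;

if (check_credentials($user, $pass)) {
    // The privilege level changes here, so replace the ID and delete the
    // old session data. An ID planted before login stays unauthenticated.
    session_regenerate_id(true);
    $_SESSION['username'] = $user;
    $rotated = session_id() !== $idBeforeLogin;
}

header('Content-Type: text/plain');
if (isset($_SESSION['username'])) {
    echo 'logged in as ', $_SESSION['username'], "\n";
    echo 'session ID replaced on this request: ', ($rotated ? 'yes' : 'no'), "\n";
} else {
    echo "not logged in\n";
}
```

With test.php unchanged, the ID seen before login no longer opens the session after login, because the old session data is deleted when the ID is replaced.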