| Level | Focus | Typical Tests | Deliverable |
| :--- | :--- | :--- | :--- |
| | Presence of `Secure`, `HttpOnly`. | Manual cookie inspection, SSL Labs scan. | Gap list. |
| 2 – Dynamic | Session fixation, predictable tokens. | Automated fuzzing (Burp Sequencer), manual fixation PoC. | Reproducible exploit steps. |
| 3 – Adversarial | Network MitM, XSS chaining. | ARP spoof + session replay, DOM-based XSS to steal tokens. | Full attack simulation video + logs. |
| 4 – Resilient | Token binding, behavior analytics. | Attempt replay from different IP/device; test concurrent session termination. | Risk score and architectural changes. |
Ethical hacking requires understanding both attack and defense.
Modern browsers implement varying protections:

```http
Set-Cookie: sessionId=xyz; Secure; HttpOnly; SameSite=Strict; Max-Age=3600
```
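The first row of the table ends in a "gap list", which in practice means checking each session cookie the application sets for the attributes shown in the header above. The following script is an added example (not code from the original page): it parses a `Set-Cookie` header value, reports which hardening attributes are missing or weak, and flags short token values for a follow-up entropy check with a sequencer (the table's level 2 work). The thresholds `MAX_LIFETIME_SECONDS` and `MIN_TOKEN_LENGTH` and the sample headers `PAGE_EXAMPLE`, `HARDENED` and `WEAK` are assumptions constructed for illustration.

```python
"""Audit Set-Cookie headers for session-hardening gaps (the level 1 gap list).

Added example; not code from the original page. The policy thresholds and
the sample headers below are assumptions constructed for illustration.
"""
import re

MAX_LIFETIME_SECONDS = 8 * 3600  # assumed policy: a session cookie lives at most 8 hours
MIN_TOKEN_LENGTH = 16            # assumed heuristic: shorter values get a sequencer run

# Constructed sample headers (not captured from any real application).
PAGE_EXAMPLE = "Set-Cookie: sessionId=xyz; Secure; HttpOnly; SameSite=Strict; Max-Age=3600"
HARDENED = ("Set-Cookie: sessionId=9f86d081884c7d659a2feaa0c55ad015; "
            "Secure; HttpOnly; SameSite=Lax; Max-Age=3600")
WEAK = "Set-Cookie: sessionId=abc123; Path=/; Max-Age=2592000"


def parse_set_cookie(header: str):
    """Split a Set-Cookie header into (name, value, {attribute_lowercase: value}).

    Attribute names are case-insensitive per RFC 6265, so they are lowered;
    flag attributes such as Secure and HttpOnly map to an empty string.
    """
    header = re.sub(r"^\s*set-cookie\s*:\s*", "", header, flags=re.IGNORECASE)
    segments = [s.strip() for s in header.split(";")]
    name, _, value = segments[0].partition("=")
    attrs = {}
    for seg in segments[1:]:
        if not seg:
            continue
        key, _, val = seg.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_session_cookie(header: str):
    """Return a list of (gap_code, explanation) tuples for one session cookie."""
    name, value, attrs = parse_set_cookie(header)
    gaps = []
    if "secure" not in attrs:
        gaps.append(("no-secure",
                     f"{name}: missing Secure; the cookie may be sent over plaintext HTTP"))
    if "httponly" not in attrs:
        gaps.append(("no-httponly",
                     f"{name}: missing HttpOnly; script can read it via document.cookie"))
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        gaps.append(("weak-samesite",
                     f"{name}: SameSite absent or None; cookie rides on cross-site requests"))
    max_age = attrs.get("max-age")
    if max_age is not None:
        if not max_age.isdigit():
            gaps.append(("bad-max-age", f"{name}: Max-Age is not a non-negative integer"))
        elif int(max_age) > MAX_LIFETIME_SECONDS:
            gaps.append(("long-lifetime",
                         f"{name}: Max-Age {max_age}s exceeds {MAX_LIFETIME_SECONDS}s policy"))
    if len(value) < MIN_TOKEN_LENGTH:
        gaps.append(("short-token",
                     f"{name}: value is {len(value)} chars; verify entropy with a sequencer"))
    return gaps


def gap_report(headers):
    """Map each cookie name to its gap codes, for the deliverable in the table."""
    report = {}
    for header in headers:
        name, _, _ = parse_set_cookie(header)
        report[name] = [code for code, _ in audit_session_cookie(header)]
    return report


if __name__ == "__main__":
    for label, header in (("page example", PAGE_EXAMPLE), ("hardened", HARDENED), ("weak", WEAK)):
        print(f"== {label}")
        for code, explanation in audit_session_cookie(header) or [("ok", "no gaps found")]:
            print(f"  [{code}] {explanation}")
```

Feed the script every `Set-Cookie` line a login response returns; the `gap_report` dictionary is the raw material for the level 1 gap list, and any `short-token` entry is the cue to move on to the sequencer analysis described in the level 2 row.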