Question

Ben's successful attack on an authenticated user required him to duplicate the cookies that the web application put in place to identify the legitimate user. What type of attack did Ben conduct?

A. Impersonation
B. MitM
C. Session hijacking
D. Privilege escalation

Answer 1

Ben carried out a session hijacking attack by duplicating cookies to impersonate a legitimate user and gain unauthorized access to their web application sessions.

Step-by-step explanation:

Ben conducted a session hijacking attack. This type of cyber-attack involves the unauthorized interception and use of session tokens, such as cookies, that authenticate a user to a web application. By duplicating these cookies, Ben is able to masquerade as the legitimate user and gain access to their sessions without the need to know the user's login credentials. It is important to understand that this attack takes advantage of an established session between the client and the web application. Measures such as using HTTPS, implementing proper session management, and utilizing secure cookies can help mitigate such attacks.