testdisk – Restore Session Buddy files from deleted `.config/google-chrome`

I use the Session Buddy Chrome extension to compartmentalize interesting links to different domains of interest.

Today, I’ve got a notification from Chrome saying that I should reinstall it (the automatic update failed). I did reinstall Chrome in the past, after backing up my Session Buddy data, and was happy to see that reinstalling Chrome actually saved my sessions data. So, I thought, I need not worry now.
I’ve re-installed Chrome and everything went fine. Sessions were there. Except that it still told me that my Chrome version is old.

I’ve purged Chrome from my computer, removed ~/.configs/google-chrome. Then reinstalled again. Synced with my Google account. Now my Chrome is updated, but, of course, all my Session Buddy data is gone. On top of that, another google-chrome folder has been created.

In a desperate hope to restore this data, I have installed PhotoRec and it has revealed hundreds of thousands of files.

  • How can I identify which data belongs to Session Buddy?
  • Has anyone managed to restore the data this way?
  • Is there any other way to restore my sessions?

web application – Securing session storage and whether appropriate for Open Banking

I’m currently building a web application that utilises Open Banking through Plaid. This means that it pulls a user’s banking details through a generated ‘access token’.

I’ve been toying with the concept of how to persist this user data. My reasoning for this is that the Plaid API gets pulled on every web page that requires it, and so it causes a several second ‘loading’ to process – which if you’re navigating round my app is frustrating.

This is a poor user experience in my opinion, and so I’d prefer to somehow persist this data without having to make a server call.

To do this, I’ve initially gone for session storage. I know many people say this is vulnerable to things such as XSS etc, but it’s convenient and works well.

I’m a little uneasy with storing the results of a server call locally though, for obvious reasons.

Currently, the data which is pulled and therefore stored locally is:

  • Firebase user ID
  • Account id
  • Balance
  • Type of account
  • Last four digits of account number
  • Account provider
  • Consent expiration time
  • Transactions
  • Database ID

And a bunch of other status codes.

The actual data itself isn’t personally identifiable, or usable for anything malicious to my knowledge. No passwords are stored locally, the access token is only ever exchanged via my server, and it is encrypted so not publicly visible as plain text should my database ever get hacked.

So I guess my question is, how secure is this? Is it actually a security problem considering the data can’t be explicitly used for malicious purposes? The only time it would be a problem (in my opinion) would be if my server / database was accessed with the encryption key.

Other alternatives are:

  • Encrypt the data that is stored in session storage, but is this pointless?
  • Not use session storage at all

Or can anybody suggest any other alternatives?

I know people on here will be much more experienced than me with this – so open to any suggestions. Please let me know, it’d be appreciated.

How to reset session context/variables in JDBC pooled connections – MySQL / Oracle

In my application I have multiple threads that need to access the database, and I am using apache.tomcat.jdbc.pool.DataSource as a JDBC connection pool.

In some cases users execute stored procedures that might affect the database session context/variables before executing another query to retrieve some data.

Is there a way to enforce closing the connection instead of just returning it to the pool? Or how can we clear/reset the connection session context/variables for MySQL or Oracle using a stored procedure?

Google Chrome: Restoring last session from backup session

How does one restore a session and tabs on Google Chrome from the backup file I put in the Session folder (the filename for the session data file is Session_13253803673789776 and the one for the tabs data file is Tabs_13253803674207574)? Because when I put it in the Sessions folder in the Chrome user data (specifically the folder named “Default”), it didn’t recognize it.

Does MySQL support defining a table inside a session without appending it to the database?

As stated in the title: does MySQL support defining a table locally? (as a ‘local variable’ perhaps?)

I understand (according to ‘Source’) that MySQL has ‘two types of variables’: (1) local and (2) user variables, nevertheless neither can be a whole table.


Source:


EDIT: I think that using the ‘temporary’ flag in ‘create’ is the answer

CREATE [TEMPORARY] TABLE [IF NOT EXISTS] tbl_name

from the docs: https://dev.mysql.com/doc/refman/8.0/en/create-table.html

security – Exploit completed but no session was created

I was trying a pen-test on my PC by WSL and Kali. Everything was fine till the payload I made was created and executed on my target PC. I also got a session back. But the main problem comes here. I tried to bypass the UAC. I tried nearly 4-6 modules (which I got as a search result after executing `search uac`). Everything goes fine but the session is not created. I used “Portmap.io” to port forward (free plan). I have a doubt though. I think it is due to the port forwarding. Both the exploits, the Original Payload and the UAC module try to connect to the same port on the same IP. So maybe two connections could not take place on the same port. I cannot change that as it is a free plan and I will get only 1 port per IP. If anyone can help me please help!!! I am thankful to you.

reactjs – ElectronJS app with credential sharing external servers for cookie and session storage

I want to store a session cookie that a server sends, but CORS is blocking it, since the origin of the request is not from a http://www.someaddress.com, so I can’t whitelist it. In the cors and axios I’m passing the parameter credentials:true. Some forums say to use origin:'*' but then that gets denied.