Hacker News new | ask | show | jobs
by motorest 315 days ago
> I'm all ears, please provide one potential way.

Just Google for session hijacking attacks. There's a wealth of information on the topic. It's a regular entry in OWASP top 10.
1 comments
thdhhghgbhy 315 days ago
I did, and xss and session sniffing listed on the OWASP web page, would be prevented by following OAuth flows. So that just leaves mitm, which as I said, is effectively breaking https.
link
motorest 315 days ago
> I did, and xss and session sniffing listed on the OWASP web page, would be prevented by following OAuth flows.

OWASP's page lists 3 more examples which it seems you omitted for some reason.

link