moloch-- / RootTheBox

A Game of Hackers (CTF Scoreboard & Game Manager)
http://root-the-box.com/
Apache License 2.0
908 stars 292 forks

Session Ends and Returns to Login Screen #602

Closed ctvlab-com closed 5 months ago

ctvlab-com commented 5 months ago

After a short period of time, while using RootTheBox, the session ends and returns to the login screen. To reproduce, I click around on different links, and after about 2 minutes, the session ends.

Information about my environment:

I managed to see a pattern in the logs when this occurred. The SecurityDecorators Session hijack attempt seems to be the constant.

webapp-1 | [I 240320 17:41:41 web:2348] 200 GET /admin/configuration (172.xxx.xxx.xxx) 64.06ms
webapp-1 | [I 240320 17:41:41 ConfigHelpers:15] Saving current config to: files/rootthebox.cfg
webapp-1 | [I 240320 17:41:42 web:2348] 101 GET /connect/notifications/updates (108.xxx.xxx.xxx) 1.57ms
webapp-1 | [W 240320 17:42:28 SecurityDecorators:77] Session hijack attempt from 108.xxx.xxx.xxx?
webapp-1 | [I 240320 17:42:28 web:2348] 302 POST /admin/configuration (108.xxx.xxx.xxx) 6.26ms
webapp-1 | [I 240320 17:42:28 ConfigHelpers:15] Saving current config to: files/rootthebox.cfg
webapp-1 | [I 240320 17:42:28 web:2348] 200 GET /login (108.xxx.xxx.xxx) 6.14ms
webapp-1 | [I 240320 17:42:30 web:2348] 101 GET /connect/notifications/updates (108.xxx.xxx.xxx) 1.58ms

Is it possible to disable this feature temporarily for testing?

eljeffeg commented 5 months ago

So this happens when the session IP address doesn't equal the request IP address. I just added an option disable_hijack_protection that will ignore that check if enabled.

eljeffeg commented 5 months ago

One thing you may want to do is set x_headers to True in the RTB config and check your reverse proxy is including forwarded headers, such as X-Real-IP or X-Forwarded-For.
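To make the two settings discussed in this thread concrete, here is an added example (not RootTheBox's or Tornado's own code) that models how a request's client IP is derived and then compared with the IP bound to the session. The header handling follows Tornado's xheaders behaviour as I understand it (last X-Forwarded-For entry, overridden by X-Real-Ip, honoured only if it parses as an address); the proxy/client addresses and header sets are constructed, and the hijack check is the simple equality described by eljeffeg.

```python
"""Model of request-IP derivation and the session-IP check (added example)."""
import ipaddress


def _is_valid_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def effective_client_ip(peer_ip: str, headers: dict, x_headers: bool) -> str:
    """IP the application sees for one request.

    peer_ip   - TCP peer; behind a reverse proxy this is the proxy's address
    headers   - request headers as the proxy delivered them
    x_headers - the RTB `x_headers` setting (Tornado `xheaders`)
    Mirrors Tornado's xheaders logic as I understand it (assumption).
    """
    if not x_headers:
        return peer_ip
    ip = headers.get("X-Forwarded-For", peer_ip).split(",")[-1].strip()
    ip = headers.get("X-Real-Ip", ip)
    return ip if _is_valid_ip(ip) else peer_ip


def session_accepted(session_ip: str, request_ip: str,
                     disable_hijack_protection: bool = False) -> bool:
    """Per-request check from the thread: a session bound to one IP is
    rejected (user lands on /login) if a request arrives from another,
    unless disable_hijack_protection is set."""
    return disable_hijack_protection or session_ip == request_ip


def session_verdicts(peer_ip: str, requests: list, x_headers: bool,
                     disable_hijack_protection: bool = False) -> list:
    """Run a request sequence (one headers dict each) through the check.
    The session binds to the IP seen on the first request.
    Returns [(ip_seen, accepted), ...]."""
    session_ip, verdicts = None, []
    for hdrs in requests:
        ip = effective_client_ip(peer_ip, hdrs, x_headers)
        session_ip = ip if session_ip is None else session_ip
        verdicts.append((ip, session_accepted(session_ip, ip, disable_hijack_protection)))
    return verdicts


if __name__ == "__main__":
    PROXY, CLIENT = "172.18.0.2", "108.0.2.100"          # constructed addresses
    fwd = {"X-Forwarded-For": CLIENT, "X-Real-Ip": CLIENT}
    print("x_headers off :", session_verdicts(PROXY, [fwd, fwd], False))   # proxy IP both times
    print("x_headers on  :", session_verdicts(PROXY, [fwd, fwd], True))    # client IP both times
    print("header missing:", session_verdicts(PROXY, [fwd, {}], True))     # IP flips -> rejected
```

The third case is the one worth watching for: with x_headers on, any request the proxy delivers without the forwarded headers is seen as coming from the proxy itself, which no longer matches the session's bound IP; with x_headers off the check passes but every user behind the proxy shares one address, so the protection no longer distinguishes them.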