What type of attack could a penetration tester perform after capturing tokens from an HTTP-based login?

Prepare for the PRCC Network Security Exam with practice quizzes, flashcards, and multiple choice questions. Each question includes helpful hints and detailed explanations to guide you towards success on your exam day.

The ability to perform a session hijacking attack after capturing tokens from an HTTP-based login is highly relevant in the context of web security. This type of attack involves taking control of a user session by gaining access to session tokens or cookies that are used to authenticate a user on a web application.

When a penetration tester captures a session token, they can impersonate the user who originally authenticated, effectively taking over that user's session. They can then perform actions on behalf of the user, access sensitive data, or exploit the application in ways the legitimate user never intended, all without ever learning the user's password.

The likelihood of a session hijacking attack increases when tokens are not securely transmitted or stored. For instance, if tokens are sent over unencrypted HTTP rather than HTTPS, or if the application's session management is weak (long-lived tokens, no binding to the client, no rotation after login), an attacker can capture and reuse those tokens to hijack a session.

In contrast, other attacks such as credential stuffing or replay attacks rely on different techniques or pursue different objectives, whereas session hijacking specifically targets an active, already-authenticated session by reusing its token. Understanding this distinction is crucial for recognizing how session management weaknesses are exploited in real-world attacks, and why mitigations such as TLS everywhere, the Secure and HttpOnly cookie flags, short token lifetimes, and token rotation on privilege changes matter.
