Skip to main content

SESSION HIJACKING

  • What is Session Hijacking ?
Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session ID. Session hijacking involves an attacker using captured, brute forced or reverse-engineered session IDs to seize control of a legitimate user's Web application session while that session is still in progress.

TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine.

  • Techniques :
There are mainly three methods used to perpetrate a session hijack. These are:

1. Session Fixation:

The session fixation attack is a class of Session Hijacking, which steals the established session between the client and the Web Server after the user logs in. Instead, the Session Fixation attack fixes an established session on the victim's browser, so the attack starts before the user logs in.


For detailed info on How Session Fixation works click here.

2. Session Sidejacking:

where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client.

1. First the attacker uses a network sniffer to capture a valid token session called Session ID.

2. Now he manipulates the token session to gain unauthorized access to the Web Server or hijack the victim's web session.



For detailed info on How Session Sidejacking works click here.

3. Cross-Site Scripting:

The attacker can compromise the session token by using malicious code or programs running at the client-side. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker. The example shows how the attacker could use an XSS attack to steal the session token.




  • Protection :
1. Regenerating the session id after a successful login. This prevents session fixation because the attacker does not know the session id of the user after he has logged in.

2. Some services make secondary checks against the identity of the user. For example it will change the value of the cookie with each and every request.

3. Users may also wish to log out of websites whenever they are finished using them.

4. Encryption of the data passed between the parties; in particular the session key. This technique is widely relied-upon by web-based banks and other e-commerce services.




Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...
Labels:

Comments

Post a Comment

Popular posts from this blog

Cookie Stealing Attack:Hack Any Account like Facebook ,Twitter , Gmail ,Hotmail ,Skype and yahoo

Cookie Stealing Attack: Hack Any Account like Facebook ,Twitter , Gmail , Hotmail , Skype and yahoo etc. Using this method you can hack Any Account like Facebook , Twitter , Gmail ,Hotmail ,Skype and yahoo etc. this works At LAN( local Area Network ) . its best place to hack at university, cafe , public place where computer are on one LAN simple Example WI-Fi. What is Cookies And how the use of stealing cookies? Cookies are file’s that stored on Any computer’s By any website when a you visits them . the cookie used by the web server to check the authenticate the Real user . like you Enter Login in Facebook then a unique string’s Generated and the one copy saved in the web server and other is saved on your Browser as a Cookie file . both are matched when you open a Account. so then finally we will start .  Step 1: Download the Wire Shark and install it.  Step 2: Next open the wire shark and then click on interface.  Step 3: Next choose a interface w...
1 comment
Continue reading »

How to Hack a Website ?

How to Hack a website First find a Vulnerable Website? Common Methods used for Website Hacking There are lots of methods that can be used to hack a website but most common ones are as follows: 1.SQL Injection 2.XSS(Cross Site Scripting) 3.Remote File Inclusion(RFI) 4.Directory Traversal attack 5.Local File inclusion(LFI) 6.DDOS attack Tools: Acunetix: Acunetix is one of my favorite tool to find a venerability in any web application It automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities. Nessus: Nessus is the best unix venerability testing tool and among the best to run on windows . Key features of this software include Remote and local file security checks a client/server architecture with a GTK graphical interface etc. Retina: Retina is another Vulnerability Assessment tool,It scans all the hosts on a network and report on any vulnerabilities found. Metasploit Framework: The Metasploit Framework is the open source penetration...
3 comments
Continue reading »