
Session Hijacking


MODULE 11

Session Hijacking
EC-Council. Certified Ethical Hacker (CEH) Version 12. Available from:
VitalSource Bookshelf (12th Edition). International Council of
E-Commerce Consultants (EC-Council), 2022.
What is Session Hijacking?
• Session hijacking refers to an attack in which an attacker
seizes control of a valid TCP communication session
between two computers

• As most authentications only occur at the start of a TCP
session, this allows the attacker to gain access to a machine.

• Attackers can sniff all the traffic from the established TCP
sessions and perform identity theft, information theft,
fraud, etc.

• The attacker steals a valid session ID and uses it to
authenticate himself with the server.
Why is Session Hijacking Successful?
• Absence of account lockout for invalid session IDs

• Indefinite session timeout

• Weak session-ID generation algorithm or small session IDs

• Most computers using TCP/IP are vulnerable

• Insecure handling of session IDs

• Most countermeasures do not work without encryption
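
The weaknesses listed above each have a server-side control. The following is an added example, not part of the CEH courseware, sketching those controls in Python. The `SessionStore` class, the timeout values, the lockout threshold and the cookie name `sid` are assumptions made for illustration.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT = 15 * 60       # assumed policy: expire after 15 idle minutes
ABSOLUTE_TIMEOUT = 8 * 3600  # assumed policy: expire 8 hours after creation
MAX_INVALID = 5              # invalid IDs tolerated per client (never reset here)

class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # sha256(session ID) -> record
        self._invalid = {}   # client address -> invalid IDs presented

    @staticmethod
    def _key(sid):
        # Keep only a hash so a leaked session table yields no usable IDs.
        return hashlib.sha256(sid.encode()).hexdigest()

    def create(self, user):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        now = self._clock()
        self._sessions[self._key(sid)] = {"user": user, "created": now, "seen": now}
        return sid

    def validate(self, sid, client):
        if self._invalid.get(client, 0) >= MAX_INVALID:
            return None  # lockout: too many invalid session IDs from this client
        rec = self._sessions.get(self._key(sid))
        now = self._clock()
        if rec is None:
            self._invalid[client] = self._invalid.get(client, 0) + 1
            return None
        if now - rec["seen"] > IDLE_TIMEOUT or now - rec["created"] > ABSOLUTE_TIMEOUT:
            del self._sessions[self._key(sid)]  # expired: drop it server-side
            return None
        rec["seen"] = now
        return rec["user"]

    def rotate(self, sid, client):  # call after login or a privilege change
        user = self.validate(sid, client)
        if user is None:
            return None
        del self._sessions[self._key(sid)]  # the old ID stops working at once
        return self.create(user)

def cookie_header(sid):
    # Secure keeps the ID off plaintext HTTP; HttpOnly hides it from page scripts.
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"
```

Keying the lockout on client address is a simplification: users behind a shared address are counted together, and a production store would also age out the counters.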


Session Hijacking Process
Types of Session Hijacking
• Passive
  • In a passive attack, an attacker hijacks a session but sits back, watches, and
    records all the traffic in that session
• Active
  • In an active attack, an attacker finds an active session and seizes control of it
Session Hijacking in OSI Model

Network-Level Hijacking

Network-level hijacking can be defined as the interception of packets during the transmission
between a client and the server in a TCP or UDP session

Application-Level Hijacking

Application-level hijacking refers to gaining control over a user's HTTP session by obtaining the
session IDs
Spoofing vs. Hijacking
Spoofing Attack
• An attacker pretends to be another user or machine (victim) to gain access
• The attacker does not seize control of an existing active session; instead, he
or she initiates a new session using the victim’s stolen credentials

Hijacking
• Session hijacking is the process of seizing control of an existing active
session
• The attacker relies on the legitimate user to create a connection and
authenticate
Application-Level Session Hijacking
In a session hijacking attack, a session token is stolen or a valid session token is predicted to gain
unauthorized access to the web server

A session token can be compromised in various ways

• Session sniffing
• Predictable session token
• Man-in-the-middle attack
• Man-in-the-browser attack
• Cross-site scripting (XSS) attack
• Cross-site request forgery attack
• Session replay attack
• Session fixation attack
• CRIME attack
• Forbidden attack
• Session donation attack
• PetitPotam hijacking
Network-Level Session Hijacking
Compromising Session IDs using Sniffing and by Predicting Session Token
How to Predict a Session Token
Compromising Session IDs Using Man-in-the-Middle/Manipulator-in-the-Middle Attack
Compromising Session IDs Using Man-in-the-Browser/Manipulator-in-the-Browser Attack
• The man-in-the-browser/manipulator-in-the-browser attack uses a
Trojan horse to intercept the calls between the browser and its
security mechanisms or libraries

• It works with an already installed Trojan horse and acts between the
browser and its security mechanisms

• Its main objective is to cause financial deception by manipulating
transactions of Internet banking systems
Compromising Session IDs Using Client-side Attacks
• Cross-Site Scripting (XSS)
  • XSS enables attackers to inject malicious client-side
    scripts into the web pages viewed by other users
• Client Malicious JavaScript Codes
  • A malicious script can be embedded in a web page
    that does not generate any warning, but it captures
    session tokens in the background and sends them to
    the attacker
• Trojans
  • A Trojan horse can change the proxy settings in the
    user’s browser to send all the sessions through the
    attacker’s machine
