Post on 19-Nov-2014
description
SESSION HIJACKING
BY Vishal Punjabi
TOPICS
TCP Concepts-The 3 Way handshake Session hijacking Types Method Mitigations Tools Firesheep
The 3-way Handshake
What is Session Hijacking ?
Session hijacking is when an attacker gets access to the session state of a legitimate user.
The attacker steals a valid session ID which is used to get into the system and retrieve the data
3-Way Handshake
Session Hijacking
Session Hijacking
This is Spoofing not Hijacking
This is Hijacking
Types Of Session Hijacking Predictable session token Session sniffing Client side attacks (XSS, malicious JS codes,
trojans etc) Blind Hijack Man-in-the-middle (MITM)
Method (steps) Place yourself between the victim and the
target (you must be able to sniff the network) Monitor the flow of packets Predict the sequence number Optionally kill the connection to the victim’s
machine Take over the session Start injecting packets to the target server
Mitigations Use a secure HTTPS protocol Use a VPN when connecting remotely Protect access to your own networks Limit exposure to untrusted networks Educate the employees
Tools Juggernaut Hunt TTY Watcher IP Watcher T-Sight Parros HTTP Hijacker DroidSheep for Android Firesheep (Firefox addon)
Firesheep Firesheep is a free,
open source, and is now available for Mac OS X and Windows.
Linux support is on the way.
Find it here-https://github.com/codebutler/firesheep/downloads