Upload
amarjit-singh
View
2.479
Download
1
Tags:
Embed Size (px)
DESCRIPTION
Session Hijacking By Rahul Tyagi Ethical Hacker from Punjab TCIL-IT Certified Ethical Hacker
Citation preview
TCIL-IT Certified Ethical Hacker
Module Session Hijacking
www.facebook.com/officialrahultyagi
Topics• Session Hijacking
• Difference Between Spoofing & Hijacking
• Types of Session Hijacking
• Session Hijacking Tools
• Session Hijacking With Firesheep
• Preventions to Session Hijacking
• Conclusion
www.facebook.com/officialrahultyagi
Session Hijacking
Session Hijacking is when an attacker gets access to the session state of a particular user.
The attacker steals a valid session ID which is used to get into system and retrieve the data
www.facebook.com/officialrahultyagi
Spoofing & Hijacking
In spoofing , an attacker does not actively take another user offline to perform the attack. He mainly pretends to be another user or machine to gain access.
Its done through Cain n Abel
www.facebook.com/officialrahultyagi
Spoofing & Hijacking
Hijacking is done only after
victim has connected to the
server. With hijacking , an
attacker takes over an existing
session, which means he relies
on the legitimate user to make a
connection and authenticate.
At last the attacker takes over
the session.
www.facebook.com/officialrahultyagi
Steps in Session Hijacking
1.First you should able to sniff the network
2.Monitor the flow of packets
3. Predict the sequence number
4.Kill the connection to the victim’s machine
5. Take over the session
6. Start injecting packets to the target server
www.facebook.com/officialrahultyagi
Types of Hijacking
Active:- In an active attack , an attacker finds an active session and takes over.
Passive:- With passive attack, an attacker hijacks a session, but sits back, and watches and records all the traffic that s being sent forth
www.facebook.com/officialrahultyagi
Session Hijacking With Firesheep
Firesheep
Firesheep is free, open source, and is
available now for Mac OS X and
Windows. Linux support is on the way.
When logging into a website you
usually start by submitting your
username and password. The server
then checks to see if an account
matching this information exists and if
so, replies back to you with a "cookie"
which is used by your browser for all subsequent requests.
www.facebook.com/officialrahultyagi
Session Hijacking With Firesheep
It's extremely common for websites to
protect your password by encrypting
the initial login, but surprisingly
uncommon for websites to encrypt
everything else. This leaves the
cookie (and the user) vulnerable.
HTTP session hijacking (sometimes
called "sidejacking") is when an
attacker gets a hold of a user's cookie,
allowing them to do anything the user
can do on a particular website. On an
open wireless network, cookies are
basically shouted through the air, making these attacks extremely easy.
www.facebook.com/officialrahultyagi
Session Hijacking With Firesheep
After installing the extension you'll see
a new sidebar. Connect to any busy
open wifi network and click the big
"Start Capturing" button. Then wait.
www.facebook.com/officialrahultyagi
Session Hijacking With Firesheep
As soon as anyone on the network
visits an insecure website known to
Firesheep, their name and photo will be displayed:
www.facebook.com/officialrahultyagi
Session Hijacking With Firesheep
Double-click on someone, and you're instantly logged in as them.
www.facebook.com/officialrahultyagi
Conclusion
Websites have a responsibility to protect the
people who depend on their services. They've
been ignoring this responsibility for too long, and
it's time for everyone to demand a more secureweb.
www.facebook.com/officialrahultyagi