Understanding Session Hijacking

Session hijacking is synonymous with a stolen session: an attacker intercepts and takes over a legitimately established session between a user and a host. The user-host relationship applies to access to any authenticated resource, such as a web server, a Telnet session, or any other TCP-based connection. Attackers place themselves between the user and the host, which lets them monitor the user's traffic and launch specific attacks. Once a session hijack has succeeded, the attacker can either assume the role of the legitimate user or simply monitor the traffic, waiting for opportune moments to inject or collect specific packets to create the desired effect.

In its most basic sense, a session is an agreed-upon period of time during which the connected parties know (or think they know) who each other are and, based on this knowledge, can trust that anything sent in either direction will end up in the hands of the appropriate party.

If a session hijack is carried out successfully, what is the danger? Several events can follow, including identity theft and data corruption. In other situations, session hijacks have provided a perfect mechanism through which someone can sniff traffic or record transactions.

Understanding what constitutes a session makes it easy to see how session hijacking can be extremely effective when all supporting factors are in place. Many of the prerequisites for session hijacking have already been discussed in previous articles. For example, one form of hijacking involves using a sniffer both before and during an attack, and sniffers have already been covered.

An attacker carrying out a session hijack is seeking to take over a session for their own needs. Once they have taken over a session, they can go about stealing data or issuing requests as the legitimate user. In this article, we will explore various forms of session hijacking.

Session hijacks are easy to launch. TCP/IP itself offers no protection, and most countermeasures, except for encryption, do not work. The following also contribute to the success of session hijacking:

  • No account lockout for invalid session IDs
  • Insecure handling of session IDs (for example, exposing them in URLs, logs, or referrers)
  • Weak session ID generation algorithm
  • Indefinite session expiration time
  • Cleartext transmission
  • Small session IDs
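The list above maps directly onto server-side controls. The following is an added example, not code from the original article: a small in-memory session store (the SessionStore class, its timeout values and the cookie attributes are assumptions made here) that generates IDs from a cryptographically secure random source so they are neither small nor weakly generated, enforces an idle timeout and an absolute lifetime instead of an indefinite expiry, rotates the ID on privilege change, and emits the cookie flags that keep the ID from being transmitted in cleartext.

```python
"""Server-side session store addressing the weaknesses listed above.
Added example; the class, names and timeout values are assumptions,
not code from the article."""
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    created: float    # seconds since epoch when the session was issued
    last_seen: float  # seconds since epoch of the last accepted request


class SessionStore:
    """Sessions keyed by an unguessable ID, with idle and absolute expiry."""

    def __init__(self, idle_timeout=15 * 60, absolute_lifetime=8 * 3600):
        self.idle_timeout = idle_timeout            # seconds of inactivity allowed
        self.absolute_lifetime = absolute_lifetime  # hard cap regardless of activity
        self._sessions = {}

    def create(self, user, now):
        # 32 bytes from the OS CSPRNG: 256 bits of entropy, so the ID space
        # cannot be brute-forced and IDs cannot be calculated from earlier ones.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user, now, now)
        return sid

    def lookup(self, sid, now):
        """Return the user bound to sid, or None if it is unknown or expired."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        idle_expired = now - s.last_seen > self.idle_timeout
        life_expired = now - s.created > self.absolute_lifetime
        if idle_expired or life_expired:
            del self._sessions[sid]  # expire instead of living forever
            return None
        s.last_seen = now
        return s.user

    def rotate(self, sid, now):
        """Issue a fresh ID (e.g. after login or a privilege change) and
        invalidate the old one, so a token captured earlier stops working."""
        user = self.lookup(sid, now)
        if user is None:
            return None
        del self._sessions[sid]
        return self.create(user, now)

    def revoke(self, sid):
        """Server-side logout; returns True if the session existed."""
        return self._sessions.pop(sid, None) is not None


def session_cookie_header(sid):
    """Set-Cookie value that keeps the ID off the wire in cleartext (Secure),
    away from page script (HttpOnly) and out of cross-site requests (SameSite)."""
    return f"session={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice", now=1000.0)
    print("Set-Cookie:", session_cookie_header(sid))
    print(store.lookup(sid, now=1500.0))        # alice
    print(store.lookup(sid, now=1500.0 + 901))  # None: idle timeout exceeded
```

The store keeps all state server-side, so an attacker who captures an ID gains nothing after rotation or revocation; the timestamps are passed in explicitly so the expiry logic can be exercised without waiting for real time to pass.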

Session hijacking can typically be broken down into one of three primary techniques:

Brute-Forcing an ID This is done by guessing an ID; usually the attacker already has some knowledge of the range of IDs available. The attacker may be aided by the use of HTTP referrers, sniffing, cross-site scripting, or malware.

Stealing an ID If they can manage it, an attacker will steal an ID by using sniffing or other means.

Calculating an ID An attacker will attempt to calculate a valid session ID simply by looking at one or more existing ones and then figuring out the sequence.

Note: So what is a session ID? Its form can vary a bit depending on whether we are talking about an application or a network; however, in both cases it is usually some form of alphanumeric sequence that uniquely identifies a specific connection. A session ID could look like 123456cbcdef, for example, but usually with a lot more entropy, or randomness, sprinkled in. Capturing, guessing, or calculating an ID allows the attacker to take over a connection or session.

Note that session IDs are also known as session tokens.
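To make the brute-forcing and calculating techniques, and the note on entropy, concrete, here is an added example that is not part of the original article. The WeakSessionIds generator is a constructed strawman (not any real product's scheme) that produces counter-based IDs in the same 12-hex-character style as 123456cbcdef; predict_next shows how an attacker calculates the next ID from three observed ones, and expected_guesses shows why a small ID space makes brute-forcing practical while a 128-bit CSPRNG-generated ID does not. All names, parameters and the sample IDs are assumptions.

```python
"""Guessing vs. calculating a session ID. Added example, not code from the
article; WeakSessionIds is a constructed strawman that mimics counter-based
IDs rendered as 12 hex characters."""
import secrets


class WeakSessionIds:
    """Constructed weak generator: a counter advanced by a fixed step.
    The output looks random at a glance but is fully predictable."""

    def __init__(self, start=0x123456000000, step=0x1F3):
        self.current = start
        self.step = step

    def next_id(self):
        self.current += self.step
        return f"{self.current:012x}"


def strong_session_id(nbytes=16):
    """128 bits from the OS CSPRNG; successive IDs share no relationship."""
    return secrets.token_hex(nbytes)


def infer_step(observed_ids):
    """Return the constant difference if the hex IDs form an arithmetic
    sequence (the pattern an attacker needs in order to calculate IDs),
    or None when at least three samples do not show one."""
    values = [int(s, 16) for s in observed_ids]
    diffs = [b - a for a, b in zip(values, values[1:])]
    if len(diffs) >= 2 and all(d == diffs[0] for d in diffs):
        return diffs[0]
    return None


def predict_next(observed_ids):
    """Calculate the ID the server will issue next, or None if no pattern."""
    step = infer_step(observed_ids)
    if step is None:
        return None
    width = len(observed_ids[-1])
    return f"{int(observed_ids[-1], 16) + step:0{width}x}"


def id_space(alphabet_size, length):
    """Number of possible IDs, e.g. 10**4 for a 4-digit numeric ID."""
    return alphabet_size ** length


def expected_guesses(space, live_sessions):
    """Expected random guesses (with replacement) before one hits any of the
    live sessions: space / live_sessions. Small spaces fall quickly."""
    return space / live_sessions


if __name__ == "__main__":
    weak = WeakSessionIds()
    seen = [weak.next_id() for _ in range(3)]  # e.g. sniffed or issued to the attacker
    print("observed:", seen)
    print("calculated next:", predict_next(seen), "actual next:", weak.next_id())
    strong = [strong_session_id() for _ in range(3)]
    print("strong IDs predictable?", predict_next(strong) is not None)
    print("4-digit ID, 10 live sessions:", expected_guesses(id_space(10, 4), 10), "guesses")
    print("128-bit ID, 1000 live sessions: %.1e guesses" % expected_guesses(id_space(16, 32), 1000))
```

The prediction only needs three observed IDs; the attacker can obtain them by logging in repeatedly, by sniffing, or from referrers and logs, which is exactly why the "insecure handling" and "cleartext transmission" items in the list matter even when the attacker cannot brute-force the space.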
