Session Hijacking
[A] What Is Session Hijacking?
Session hijacking is the process by which an attacker takes over a particular user's session state. The attacker acquires a valid session ID in order to gain access to the system and spy on data. WhatsApp Sniffer is one well-known session hijacking tool. Kevin Mitnick launched the first session hijacking attack on Christmas Day 1994, when HTTP 0.9 was published.
[B] Spoofing vs. Hijacking
• Spoofing
Spoofing is the act of making a communication from an unknown source appear to come from a trusted, well-known source. Spoofing can be found in emails, phone calls, and websites, or it can be more complex and involve a machine impersonating an IP address, Address Resolution Protocol (ARP) replies, or a DNS server.
• Hijacking
[C] Types of Session Hijacking
There are two types of session hijacking:
1) Active: In an active attack, the attacker finds an active session and seizes control of it.
2) Passive: In a passive attack, the attacker hijacks a session but only observes and records all of the traffic passing back and forth.
[D] Session Hijacking Levels
Session hijacking occurs at two levels:
1. Network level: Network level hijacking is the interception of packets as they are transmitted between a client and a server over a TCP or UDP connection.
2. Application level: Obtaining the session IDs is necessary to gain application-level control over an HTTP user session.
Network level session hijacking is especially attractive to attackers because it yields vital information that they can then use to target application-level sessions.
Network level hijacking includes:
1. TCP/IP hijacking
2. IP spoofing: source routed packets
3. RST hijacking
4. Blind hijacking
5. Man in the middle: packet sniffer
6. UDP hijacking
Blind Hijacking: Blind hijacking is the process by which an attacker injects malicious commands and other data into an intercepted conversation between two hosts. The attacker can inject data or commands but cannot see the responses.
Man in the Middle (MITM): Packet Sniffer: In this attack, a packet sniffer is placed between the client and the server. Packets between the client and the server are routed via the hijacker's host in one of two ways:
1. ICMP (Internet Control Message Protocol) redirects
2. ARP spoofing
UDP Hijacking: Because UDP has no handshake or sequence numbers, the attacker's task is simpler, and a man-in-the-middle position makes it simpler still.
Application-Level Session Hijacking
At this level, the attacker obtains the session IDs in order to take over the current session or even start a new, unauthorized one.
Application-level session hijacking involves obtaining session IDs by:
1. Sniffing
2. Brute force
3. Misdirected trust
[E] Session Hijacking Tools
• Wireshark: packet sniffing
• Hunt: Unix-based, sequence number prediction
• Juggernaut: Linux-based, network flow
• IP Watcher: commercial software
• TTY Watcher: observe, monitor, and control users' systems
• T-Sight: commercial software for Windows
• Paros HTTP Hijacker: scanning for application vulnerabilities, filtering, proxy-chaining, and spidering
• Hjksuite Tool:
• Several open-source scripts, such as cookie injector, and the DnsHijacker Tool
[F] Prevention of Session Hijacking
Four main strategies can be used to prevent session hijacking:
1. The use of encryption
2. Relationships
3. Anti-virus software
4. Training for employees
[G] Session Hijacking Practical
Step 1: In the victim's browser, search for any online store; in this example, we use BigBasket.
Step 2: Visit the website and click the register or login link on the right.
Step 3: Sign up or log in by entering your credentials.
Step 4: In this case, the contact number is used in the sign-up process.
Step 5: Enter the one-time password that was texted to your phone to complete the registration process.
Step 6: To finish the sign-up procedure, fill out the necessary information.
Step 7: Next, select "Start Shopping."
Step 8: In the right-hand corner of the victim's browser, the user name Aditya indicates that they have signed up.
Step 9: Additional information about the victim's account is shown here.
Step 10: Press Function key+F12 to see the cookies' details as they appear in the figure below.
Step 11: To obtain the session ID of the victim's active session on the Big Basket website, click on the Application tab and then on the Cookies option located on the left side of the screen.
Step 12: Among the information we get from the cookies are name, value, domain, and numerous other fields. We then look for the Session Id and copy its value.
Step 13: To log in without providing any login credentials, launch the Big Basket website in a different browser (the attacker's).
Step 14: It is evident that nobody is logged in at this point.
Step 15: Press Function key+F12 again to display the cookies information.
Step 16: Select Storage and then Cookies from the menu on the left. Next, find the value of the Session Id.
Step 17: Replace the attacker's session ID value with the one that was taken from the victim's browser.
Step 18: Enter the new value, then reload the page to log in as the victim, whose login information is displayed on the right side of the picture.
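As an added example (not code from the article), here is a minimal server-side session store in Python that addresses the walkthrough above and the prevention list in section [F]: unpredictable session IDs, ID rotation at login, idle expiry, cookie flags that keep the ID off the wire and away from scripts, and revocation plus an alert when a session ID is presented from a client other than the one it was issued to, which is exactly the reuse in Steps 13 to 18. The `SessionStore` class, the fingerprint string and the timeout value are assumptions constructed for this example.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds a session may sit unused before it is dropped (assumed value)


class SessionStore:
    """Hypothetical server-side store, constructed for this example.
    fingerprint: a string the caller derives from request attributes such as the
    User-Agent header and client IP; a session is bound to it so that a copied
    session ID presented from another client is refused and logged."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._sessions = {}      # session_id -> {user, fingerprint, last_seen}
        self.alerts = []         # hijack detections, for the audit log / SOC

    def create(self, fingerprint):
        """Anonymous session before login; the ID is 256 random bits, so it
        cannot be guessed or brute-forced."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "fingerprint": fingerprint,
                               "last_seen": self._now()}
        return sid

    def login(self, sid, user, fingerprint):
        """Rotate the ID on authentication so a pre-login ID stays worthless."""
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user, "fingerprint": fingerprint,
                                   "last_seen": self._now()}
        return new_sid

    def resolve(self, sid, fingerprint):
        """Map a presented cookie to a user, or None if it is not accepted."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self._now() - s["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]  # idle expiry shrinks the replay window
            return None
        if s["fingerprint"] != fingerprint:
            # Same ID from a different client (Steps 17-18): revoke it and log it.
            del self._sessions[sid]
            self.alerts.append({"sid": sid, "user": s["user"], "seen_from": fingerprint})
            return None
        s["last_seen"] = self._now()
        return s["user"]


def cookie_header(sid):
    """Set-Cookie value: TLS-only, unreadable by script, not sent cross-site."""
    return f"sid={sid}; Secure; HttpOnly; SameSite=Strict; Path=/"
```

The fingerprint binding is a heuristic (a client's IP or User-Agent can legitimately change, and an attacker who also sniffs the request headers can mimic them), so it supplements rather than replaces TLS and the cookie flags.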
1 month ago: Great knowledge given on Sunday, thank you