Session Hijacking by Rahul Tyagi, Ethical Hacker from Punjab, TCIL-IT Certified Ethical Hacker


Upload: amarjit-singh

Post on 29-Jun-2015


Page 1

TCIL-IT Certified Ethical Hacker

Module: Session Hijacking

www.facebook.com/officialrahultyagi

Page 2

Topics

• Session Hijacking

• Difference Between Spoofing & Hijacking

• Types of Session Hijacking

• Session Hijacking Tools

• Session Hijacking With Firesheep

• Preventions to Session Hijacking

• Conclusion


Page 3

Session Hijacking

Session hijacking is when an attacker gets access to the session state of a particular user. The attacker steals a valid session ID, which is then used to get into the system and retrieve the data.


Page 4

Spoofing & Hijacking

In spoofing, an attacker does not actively take another user offline to perform the attack. He mainly pretends to be another user or machine to gain access.

It's done with Cain & Abel.


Page 5

Spoofing & Hijacking

Hijacking is done only after the victim has connected to the server. With hijacking, an attacker takes over an existing session, which means he relies on the legitimate user to make a connection and authenticate. Finally the attacker takes over the session.


Page 6

Steps in Session Hijacking

1. First you should be able to sniff the network

2. Monitor the flow of packets

3. Predict the sequence number

4. Kill the connection to the victim's machine

5. Take over the session

6. Start injecting packets to the target server


Page 7

Types of Hijacking

Active: In an active attack, an attacker finds an active session and takes over.

Passive: In a passive attack, an attacker hijacks a session but sits back, watching and recording all the traffic that is being sent back and forth.


Page 8

Session Hijacking With Firesheep

Firesheep

Firesheep is free, open source, and is available now for Mac OS X and Windows. Linux support is on the way.

When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and, if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.


Page 9

Session Hijacking With Firesheep

It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable.

HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
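The fix for what this slide describes sits on the server: a session cookie must never be sent over plain HTTP, and the browser must be told to stop using plain HTTP for the site at all. The Python below is an added example, not code from the slides or from Firesheep; it audits Set-Cookie headers for the Secure, HttpOnly and SameSite attributes, rewrites a weak header into a hardened one, and flags a response that lacks Strict-Transport-Security. All header values are constructed samples.

```python
"""Audit and harden Set-Cookie headers against cookie sidejacking (added example).
Without the Secure attribute the browser resends a cookie on every plain-HTTP
request, which is all a passive sniffer on open Wi-Fi needs. Samples are constructed."""

CANONICAL = {"path": "Path", "domain": "Domain", "max-age": "Max-Age",
             "expires": "Expires", "samesite": "SameSite",
             "secure": "Secure", "httponly": "HttpOnly"}

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True  # bare flag -> True
    return name.strip(), value.strip(), attrs

def audit_set_cookie(header):
    """List the weaknesses of one Set-Cookie header; an empty list means hardened."""
    _, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: browser resends it over plain HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by injected page script")
    if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        findings.append("no SameSite=Lax/Strict: sent on cross-site requests")
    return findings

def harden_set_cookie(header, samesite="Lax"):
    """Rewrite a Set-Cookie header so the cookie only ever travels over TLS."""
    name, value, attrs = parse_set_cookie(header)
    attrs.setdefault("path", "/")
    attrs.update(samesite=samesite, secure=True, httponly=True)
    out = [f"{name}={value}"]
    for key, label in CANONICAL.items():  # stable canonical attribute order
        if key in attrs:
            out.append(label if attrs[key] is True else f"{label}={attrs[key]}")
    return "; ".join(out)

def audit_response(headers):
    """Audit (header, value) pairs of one HTTPS response: every cookie, plus HSTS."""
    report = {parse_set_cookie(v)[0]: audit_set_cookie(v)
              for h, v in headers if h.lower() == "set-cookie" and audit_set_cookie(v)}
    if not any(h.lower() == "strict-transport-security" for h, _ in headers):
        report["Strict-Transport-Security"] = ["missing: plain-HTTP visits still possible"]
    return report
```

Run `audit_response` over the headers of a login response to see the "encrypted login, everything else in the clear" pattern reported as missing Secure plus missing HSTS.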


Page 10

Session Hijacking With Firesheep

After installing the extension you'll see a new sidebar. Connect to any busy open wifi network and click the big "Start Capturing" button. Then wait.


Page 11

Session Hijacking With Firesheep

As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed:


Page 12

Session Hijacking With Firesheep

Double-click on someone, and you're instantly logged in as them.


Page 13

Conclusion

Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web.
