fc_11_session_hijacking Flashcards
What is session hijacking?
- Session hijacking refers to an attack where an attacker takes over a valid TCP communication session between two computers
- Since most authentication only occurs at the start of a TCP session, this allows the attacker to gain access to a machine
- Attackers can sniff all the traffic from the established TCP sessions and perform identity theft, information theft, fraud, etc. The attacker steals a valid session ID and uses it to authenticate himself with the server
- A session hijacking attack refers to the exploitation of a session-token generation mechanism or token security controls so that the attacker can establish an unauthorized connection with a target server.
Why are session hijacking attacks successful?
- No account lockout out for invalid session ID
- Weak Session ID generation algoritm or small session IDs
- Insecure handling of session id
- indefinate session expiration time
- Countermeasures dont work unless you use encryption
- Most computers using TCP/IP are vulnerable
Session Hijacking Processes 5 steps ka diagram
a
Packet Analysis of a Local Session Hijack (not ratta)
a
Types of Session Hijacking (read)
a
Session Hijacking in OSI Model
a
Spoofing vs. Hijacking
a
Application Level Session Hijacking
a
Compromising Session IDs using Sniffing and by Predicting Session Token
a
How to Predict a Session Token
a
Compromising Session IDs Using Man-in-the-Middle Attack
a
Compromising Session IDs Using Man-in-the-Browser Attack
a
Steps to Perform Man-in-the-Browser Attack
a
Compromising Session IDs Using Client-side Attacks
a
Compromising Session IDs Using Client-side Attacks: Cross-site Script Attack
a
Compromising Session IDs Using Client-side Attacks: Cross-site Request Forgery Attack
a
