Session Hijacking


Table of contents
• What is Session Hijacking?
• Types of session hijacking
• How session Hijacking works
• Methods of Session hijacking
• Consequences of session hijacking
• Examples of session hijacking
• Tools to exploit session hijacking
• How to prevent Session hijacking?
• Lab on session hijacking
• Conclusion
• References
What is Session Hijacking?
• Technique used by hackers to gain access to a target’s computer
• The attack has the ability to gain access to a server without having to authenticate to it
• Hijackers usually target browser or web application sessions
• It is also known as TCP session hijacking
• Authentication typically done at the start of a TCP session
• The most common method of session hijacking is called IP spoofing
Types of session Hijacking
Session Hijacking
• Active
• Passive
How session Hijacking works
Methods of Session hijacking
• Brute force
• Cross-site scripting
• Malware
• Session side jacking
• Session poisoning
• Session fixation
• Session sniffing
• Predictable session token ID
• Man-in-the-browser attack
• Session replay
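Two of the methods listed above, predictable session token IDs and session fixation, come down to how the server mints and rotates its session identifier. The following is an added example, not code from the slides: a deliberately weak in-memory session store beside a hardened one, plus the cookie attributes that blunt session sniffing, side jacking and cookie theft via cross-site scripting. All class and function names (`WeakSessionStore`, `HardenedSessionStore`, `fixation_succeeds`, `set_cookie_header`) are hypothetical.

```python
"""Added example (not from the slide deck): weak vs hardened session ID
handling. Names are hypothetical; the stores are in-memory stand-ins for
whatever a real web framework uses."""
import hmac
import secrets
import time


class WeakSessionStore:
    """Weak pattern: IDs built from the clock and a counter, so an observer
    who sees one ID can guess its neighbours, and the pre-login ID is kept
    across authentication, which is exactly what session fixation needs."""

    def __init__(self):
        self._counter = 0
        self.sessions = {}

    def create(self, user=None):
        self._counter += 1
        sid = f"{int(time.time())}-{self._counter}"   # predictable token ID
        self.sessions[sid] = {"user": user}
        return sid

    def login(self, sid, user):
        # Keeps the caller's ID: an ID planted before login becomes authenticated.
        self.sessions.setdefault(sid, {})["user"] = user
        return sid


class HardenedSessionStore:
    """Hardened pattern: 256-bit IDs from the OS CSPRNG, a fresh ID issued at
    login (defeats fixation), an idle timeout, and constant-time ID comparison."""

    def __init__(self, idle_timeout=900):
        self.sessions = {}
        self.idle_timeout = idle_timeout

    def create(self, user=None, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)                # 32 random bytes, URL-safe
        self.sessions[sid] = {"user": user, "last_seen": now}
        return sid

    def login(self, old_sid, user, now=None):
        # Rotate the identifier: any ID that existed before authentication dies here.
        self.sessions.pop(old_sid, None)
        return self.create(user, now)

    def lookup(self, sid, now=None):
        now = time.time() if now is None else now
        for known, data in self.sessions.items():
            if hmac.compare_digest(known, sid):        # no timing leak on the ID
                if now - data["last_seen"] > self.idle_timeout:
                    del self.sessions[known]           # expired: treat as unknown
                    return None
                data["last_seen"] = now
                return data
        return None

    def logout(self, sid):
        self.sessions.pop(sid, None)


def fixation_succeeds(store):
    """Simulate the fixation scenario against either store: an ID is obtained
    unauthenticated, the victim logs in with it, and we check whether that same
    ID now maps to the victim's account."""
    planted = store.create()
    store.login(planted, "victim")
    data = store.sessions.get(planted)
    return data is not None and data.get("user") == "victim"


def set_cookie_header(sid, name="session"):
    """Cookie attributes that limit sniffing/side jacking (Secure), script
    theft (HttpOnly) and cross-site sending (SameSite)."""
    return f"{name}={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


if __name__ == "__main__":
    print("weak store fixated:    ", fixation_succeeds(WeakSessionStore()))
    print("hardened store fixated:", fixation_succeeds(HardenedSessionStore()))
    print(set_cookie_header(HardenedSessionStore().create("alice")))
```

The `fixation_succeeds` check is the useful part: it passes against the weak store and fails against the hardened one purely because `login` discards the old identifier, which is the one-line change that closes fixation in most frameworks.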


Consequences of session hijacking
• The attacker can perform any action that the user was carrying out with his credentials.

• The hacker can gain access to multiple web applications, from financial systems to line-of-business systems

• The hacker can gain access to customer records

• The attacker can use a hijacked session cookie to impersonate an authenticated user across single sign-on (SSO) systems

• Here are a few examples:

o Attackers can log into bank accounts for transferring money

o Hackers can use the access for online shopping

o Hackers can get access to sensitive data and sell it on the dark web

o Hackers can demand a ransom from the user in exchange for the data
 
Examples of session hijacking
• Zoom-bombing

• The Firesheep extension for Mozilla Firefox

• GitLab

• Slack
Tools to exploit session hijacking
Manual Tools
• OWASP ZAP
• Paros Proxy
• WebScarab
• Burp Suite
• Wireshark
• Live HTTP Headers
• Fiddler
• Tamper Data
• Charles Proxy

Automatic Tools
• Nikto
• Nessus
• Skipfish
• QualysGuard
• Acunetix
• Arachni
• AppScan
• OpenVAS
• Vega
• Netsparker
How to prevent Session hijacking?
• Block suspicious incoming traffic
• Monitor session cookies
• Implement two-factor authentication
• Avoid public Wi-Fi
• Use a VPN
• Add security software
• Watch out for scams
• Be aware of site security
Lab On Session Hijacking
Conclusion
• Session Hijacking is a serious vulnerability that can compromise the security of your system

• It is important to implement appropriate security measures to prevent and detect Session Hijacking attacks

• Always check the URL bar when logging in to ensure that no suspicious links are present

• Ensure that only authorized users are allowed to create sessions

• Use strong authentication mechanisms

• Keep your web applications up to date with the latest patches


