SESSION HIJACKING

BY Vishal Punjabi

TOPICS

TCP Concepts-The 3 Way handshake Session hijacking Types Method Mitigations Tools Firesheep

The 3-way Handshake

What is Session Hijacking ?

Session hijacking is when an attacker gets access to the session state of a legitimate user.

The attacker steals a valid session ID which is used to get into the system and retrieve the data

3-Way Handshake

Session Hijacking

Session Hijacking

This is Spoofing not Hijacking

This is Hijacking

Types Of Session Hijacking Predictable session token Session sniffing Client side attacks (XSS, malicious JS codes,

trojans etc) Blind Hijack Man-in-the-middle (MITM)

Method (steps) Place yourself between the victim and the

target (you must be able to sniff the network) Monitor the flow of packets Predict the sequence number Optionally kill the connection to the victim’s

machine Take over the session Start injecting packets to the target server

Mitigations Use a secure HTTPS protocol Use a VPN when connecting remotely Protect access to your own networks Limit exposure to untrusted networks Educate the employees

Tools Juggernaut Hunt TTY Watcher IP Watcher T-Sight Parros HTTP Hijacker DroidSheep for Android Firesheep (Firefox addon)

Firesheep Firesheep is a free,

open source, and is now available for Mac OS X and Windows.

Linux support is on the way.

Find it here-https://github.com/codebutler/firesheep/downloads