What is Session Hijacking? Bypassing Login Using Session Stealing
What is Session Hijacking?
Session hijacking is the theft of an existing active session. Its main purpose is to bypass the authentication process and gain unauthorized access to a computer or website. In simple words, a hacker logs in as some other client by using that client's session.
TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication occurs only at the start of a TCP session, this allows the hacker to gain access to a machine.
Different Session Hijacking methods:
Session stealing is achieved by the following methods:
1. Session fixation:
In this method, the hacker sets a user's session id to one the hacker already knows. For example, the hacker sends an email to a known victim with a link that contains a particular session id. If the victim follows that link, the hacker can use that session and gain access.
2. Session sidejacking (session sniffing):
In this method, the attacker uses packet sniffing to steal the session cookie. In order to prevent this, some websites use SSL (which encrypts the session), but do not use encryption for the rest of the site once authenticated. This allows attackers who can read the network traffic to intercept all the data that is submitted to the server or the web pages viewed by the client. Unsecured hotspots are vulnerable to this type of session hijacking.
3. Client-side attacks (XSS, malicious JavaScript code, Trojans, etc.):
A hacker can steal the session by running malicious JavaScript code on the client system. Usually hackers attack websites using XSS and insert their own malicious JavaScript code.
From the client's point of view it is a trusted website, so he will visit it. When the victim visits the link, the malicious JavaScript is executed. It steals the session cookies and other confidential data.
4. Physical access:
If the hacker has physical access, it is easy for him to steal the session. Usually this occurs in a public cafe. In a public cafe, a user logs in to some websites (Facebook, Gmail). A hacker who comes after the victim can steal the session cookies.
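A server-side view of how methods 1 to 3 are blunted, as an added example that is not part of the original post: the session id is regenerated at login (fixation) and the cookie is marked Secure and HttpOnly (sniffing and script access). The class name, function names, cookie name `sid` and sample values are assumptions made for illustration.

```python
import secrets

class SessionStore:
    """Minimal in-memory session store (illustrative, not production code)."""

    def __init__(self):
        self._sessions = {}  # session id -> {"user": name or None}

    def start(self, requested_sid=None):
        # Fixation defence, part 1: never adopt an id supplied by the client
        # (link parameter or cookie) unless this server issued it earlier.
        if requested_sid in self._sessions:
            return requested_sid
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        # Fixation defence, part 2: discard the pre-login id and issue a fresh
        # one, so an id known before login never becomes authenticated.
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user}
        return new_sid

    def user_for(self, sid):
        return self._sessions.get(sid, {}).get("user")

def session_cookie(sid):
    # Secure: sent only over HTTPS, so it is not exposed on an open hotspot.
    # HttpOnly: hidden from document.cookie, so injected script cannot read it.
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"

def demo():
    store = SessionStore()
    planted = "ID-FROM-CRAFTED-LINK"  # constructed sample value
    pre = store.start(planted)        # server ignores it and issues its own id
    # Worst case: the pre-login id leaked anyway; login still rotates it.
    post = store.login(pre, "alice")
    return {
        "planted_adopted": pre == planted,
        "old_id_user": store.user_for(pre),
        "new_id_user": store.user_for(post),
        "cookie": session_cookie(post),
    }

if __name__ == "__main__":
    print(demo())
```

The Secure flag only helps when the whole site, not just the login page, is served over HTTPS.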
Session Hijacking using Firesheep (Mozilla addon):
Firesheep is a famous Mozilla addon that made session hijacking very easy. Using Firesheep, you can steal the sessions of public Wi-Fi users. Using Firesheep, you can gain access to a victim's account on Facebook, Twitter and some other websites.