Session Hijacking
Session Hijacking is when an attacker gets access to the session state of a particular user. The attacker steals a valid session ID, which is then used to get into the system and snoop on the data.
TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication occurs only at the start of a TCP session, this allows the hacker to gain access to a machine.
Types of Session Hijacking
There are two types of session hijacking attack:
- Active: In an active attack, the attacker finds an active session and takes it over.
- Passive: In a passive attack, the attacker hijacks a session but sits back and watches, recording all the traffic that is sent back and forth.
Steps in Session Hijacking
- Place yourself between the victim and the target (you must be able to sniff the network)
- Monitor the flow of packets
- Predict the sequence number
- Kill the connection to the victim’s machine
- Take over the session
- Start injecting packets to the target server.
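The last two steps leave traces a defender can look for: an injected segment usually arrives with a different IP TTL than the victim's real packets (the attacker sits a different number of hops away), and a mis-predicted sequence number lands outside the expected window. The following is an added example, not code from this page or from any of the tools listed; it runs a simple per-flow check over constructed packet metadata (flow, seq, ttl, payload length) and assumes the TTL of the first packet is the legitimate baseline, so a legitimate route change would also raise the TTL alert and needs to be ruled out by hand.

```python
"""Flag client->server TCP flows whose packets suddenly change IP TTL or jump
outside the expected sequence window, two side effects of session hijacking."""

# Constructed sample packets (not a real capture):
# (src ip:port, dst ip:port, tcp seq, ip ttl, payload length)
SAMPLE_PACKETS = [
    ("10.0.0.5:40001", "10.0.0.9:23", 1000, 64, 10),
    ("10.0.0.5:40001", "10.0.0.9:23", 1010, 64, 10),
    ("10.0.0.5:40001", "10.0.0.9:23", 1020, 64, 10),
    ("10.0.0.5:40001", "10.0.0.9:23", 1030, 57, 12),   # injected: different hop count
    ("10.0.0.5:40001", "10.0.0.9:23", 1030, 64, 10),   # real client sends the same seq
    ("10.0.0.7:40002", "10.0.0.9:23", 5000, 128, 8),
    ("10.0.0.7:40002", "10.0.0.9:23", 5008, 128, 8),
    ("10.0.0.7:40002", "10.0.0.9:23", 900000, 128, 8), # injected: seq guess missed
]


def detect_hijack_indicators(packets, window=65535):
    """Return a list of (flow, reason) alerts.

    Per flow, remember the TTL of the first packet and the next expected seq.
    A packet whose TTL differs from the baseline, or whose seq lies more than
    `window` bytes away from the next expected one, is reported and does not
    advance the flow state, so the legitimate sender's later packets are still
    judged against the real position of the stream.
    """
    state = {}   # flow -> {"ttl": baseline ttl, "next_seq": expected seq}
    alerts = []
    for src, dst, seq, ttl, length in packets:
        flow = (src, dst)
        if flow not in state:
            state[flow] = {"ttl": ttl, "next_seq": seq + length}
            continue
        st = state[flow]
        if ttl != st["ttl"]:
            alerts.append((flow, f"ttl changed {st['ttl']}->{ttl}"))
        elif seq >= st["next_seq"] + window or seq + length <= st["next_seq"] - window:
            alerts.append((flow, f"seq {seq} outside expected window"))
        else:
            # Retransmissions keep next_seq where it is; new data advances it.
            st["next_seq"] = max(st["next_seq"], seq + length)
    return alerts


if __name__ == "__main__":
    for flow, reason in detect_hijack_indicators(SAMPLE_PACKETS):
        print(f"{flow[0]} -> {flow[1]}: {reason}")
```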
| Tool | Description |
| --- | --- |
| Juggernaut | Juggernaut is a network sniffer that can be used to hijack TCP sessions. It runs on Linux operating systems. |
| Hunt | Hunt is a program that can be used to listen, intercept, and hijack active sessions on a network. |
| IP Watcher | IP Watcher is a commercial session hijacking tool that allows you to monitor connections and has active facilities for taking over a session. |
| Paros HTTP Hijacker | Paros is a man-in-the-middle proxy and application vulnerability scanner. |
| T-Sight | T-Sight is a session hijacking tool for Windows. |