session hijacking ppt


Upload: harshjk

Post on 18-Dec-2014


DESCRIPTION

This is a seminar topic of an engineering student. For more detail visit www.kevadiyaharsh.blogspot.com, where you can also get the report.

TRANSCRIPT

Page 1: Session Hijacking ppt

04/10/2023 05:03 AM

1 Session Hijacking: Theft On The Web

By Mr. Kevadiya Harsh J.

Guided by Prof. Mayuri Mehta

Page 2: Session Hijacking ppt


2 Outline

Session Hijacking

Difference Between Spoofing and Hijacking

Types of Session Hijacking

Network and Application Level of Session Hijacking

Steps to Conduct a Session Hijacking Attack

Session Hijacking Tools

Detection and Prevention of Session Hijacking

Page 3: Session Hijacking ppt


3 What Is Session Hijacking

Session hijacking is when an attacker gets access to the session state of a particular user.

The attacker steals a valid session ID, which is then used to get into the system and snoop on the data.

WhatsApp Sniffer is a popular session hijacking attack.

The first session hijacking attack was carried out on Christmas Day 1994 by Kevin Mitnick, when HTTP 0.9 was released.

Page 4: Session Hijacking ppt


4 Spoofing vs. Hijacking

Spoofing :

Page 5: Session Hijacking ppt


5 Spoofing vs. Hijacking (cont’d)

Hijacking:

Page 6: Session Hijacking ppt


6 Types of Session Hijacking

There are two types of session hijacking:

1) Active:

In an active attack, an attacker finds an active session and takes it over.

2) Passive:

In a passive attack, an attacker hijacks a session but sits back and watches, recording all the traffic that is being sent back and forth.

Page 7: Session Hijacking ppt


7 Session Hijacking Levels

Session hijacking takes place at two levels:

1. Network Level:

Network level hijacking can be defined as the interception of packets during transmission between the client and the server in a TCP or UDP session.

2. Application Level:

Application level hijacking is about gaining control of an HTTP user session by obtaining the session ID.

Page 8: Session Hijacking ppt


8 Network Level

Network level session hijacking is particularly attractive to attackers because it yields critical information (addresses, sequence numbers, session tokens in transit) that can then be used to attack application level sessions.

Network level hijacking includes:

TCP/IP Hijacking

IP Spoofing: Source Routed Packets

RST Hijacking

Blind Hijacking

Man in the Middle: Packet Sniffer

UDP Hijacking

Page 9: Session Hijacking ppt


9 TCP/IP Hijacking

Page 10: Session Hijacking ppt


10 IP Spoofing: Source Routed Packets

IP spoofing is “a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.”

Page 11: Session Hijacking ppt


11 RST Hijacking

RST hijacking involves injecting an authentic-looking reset (RST) packet.

Spoof the source address and predict the acknowledgment number.

The victim will believe that the source actually sent the reset packet and will reset the connection.

Page 12: Session Hijacking ppt


12 Blind Hijacking

In blind hijacking, an attacker injects data such as malicious commands into intercepted communications between two hosts.

The attacker can send data or commands but has no way to see the response.

Page 13: Session Hijacking ppt


13 Man in the Middle: Packet Sniffer (MITM) and UDP Hijacking

In this attack, the packet sniffer is used to interface between the client and the server.

The packets between the client and the server are routed through the hijacker’s host by using two techniques:

1. Internet Control Message Protocol (ICMP)

2. ARP spoofing

UDP Hijacking:

A man-in-the-middle position greatly simplifies the attacker's task in UDP hijacking.

Page 14: Session Hijacking ppt


14 Application Level Session Hijacking

At this level, the attacker obtains session IDs to take control of an existing session or even create a new unauthorized session.

Application level session hijacking includes:

Obtaining session IDs by:

Sniffing

Brute force

Misdirected trust

Page 15: Session Hijacking ppt


15 Implements

There is a well-known saying that

“Ideas without implementation is hallucination.”

Page 16: Session Hijacking ppt


16 Session Hijacking Tools

Wireshark: packet sniffing

Juggernaut: Linux based; follows connection flows across the network

Hunt: Unix based; sequence number prediction

TTY Watcher: Sun; monitors and controls users on a system

IP Watcher: commercial software

T-Sight: Windows; commercial software

Paros HTTP Hijacker: spidering, proxy chaining, filtering, application vulnerability scanning

Hjksuite Tool:

DnsHijacker Tool, and many open source scripts such as cookie injectors.

Page 17: Session Hijacking ppt


17 Detection of Session Hijacking

Why do we want to detect it?

Detection methods:

Manual method:

Using packet sniffing software

Normal Telnet session

Forcing an ARP entry

Automatic method:

Intrusion detection systems (IDS)

Intrusion prevention systems (IPS)
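Slide 13 names ARP spoofing as one way to route a session through the hijacker's host, and this slide lists "forcing an ARP entry" as a manual detection aid. The following is an added example, not from the slides or from any of the tools above: a small arpwatch-style monitor that raises an alert when an IP address starts answering from a different MAC than the one previously learned (or than a forced static entry). The ARP reply records are constructed sample input.

```python
# Added example: detect the symptom of ARP spoofing, i.e. one IP address
# suddenly claimed by a second MAC address. Input records are constructed.
from collections import namedtuple

ArpReply = namedtuple("ArpReply", "ts ip mac")

# Constructed sample: the gateway 192.168.1.1 answers from aa:...:01, then a
# second host (bb:...:02) starts claiming the same IP address.
SAMPLE_REPLIES = [
    ArpReply(1, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(2, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    ArpReply(3, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(4, "192.168.1.1", "bb:bb:bb:bb:bb:02"),   # conflicting claim
    ArpReply(5, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
]


def detect_arp_conflicts(replies, static_entries=None):
    """Return one alert per reply whose IP->MAC mapping differs from the
    mapping learned earlier, or from a forced static entry (slide 17).

    static_entries: optional {ip: mac} dict that is trusted over anything
    learned from the wire, so a spoofed reply for a pinned IP always alerts.
    """
    table = {ip: mac.lower() for ip, mac in (static_entries or {}).items()}
    pinned = set(table)
    alerts = []
    for r in replies:
        mac = r.mac.lower()
        known = table.get(r.ip)
        if known is None:
            table[r.ip] = mac                 # first sighting: learn it
        elif known != mac:
            alerts.append({"ts": r.ts, "ip": r.ip, "expected": known,
                           "seen": mac, "pinned": r.ip in pinned})
            if r.ip not in pinned:
                table[r.ip] = mac             # follow the change, keep alerting
    return alerts


if __name__ == "__main__":
    for a in detect_arp_conflicts(SAMPLE_REPLIES):
        print("ARP conflict at t=%d: %s expected %s, saw %s"
              % (a["ts"], a["ip"], a["expected"], a["seen"]))
```

On a real network the same logic would be fed from a sniffer such as Wireshark or an IDS rather than a static list; legitimate MAC changes (a replaced NIC, DHCP churn) also trigger it, so the alert is a signal to investigate, not proof of an attack.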

Page 18: Session Hijacking ppt


18 Prevention of Session Hijacking

There are mainly four methods to prevent session hijacking:

1. Encryption

2. Connections

3. Anti-virus Software

4. Employee education

Page 19: Session Hijacking ppt


19 Conclusion

Protecting network sessions that carry sensitive and important data such as credit card numbers, bank transactions, and administrative server commands is an important first step at improving the security posture of your organization.

Secure session tracking should not rely on either cookies or SSL session IDs alone, but rather on a combination of these two plus many more factors. Airlock detects and prevents session hijacking by continuously checking this fingerprint of a user's requests.
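The conclusion's point, binding a session to a fingerprint of the requests that use it rather than trusting the cookie alone, as an added example that is not the slides' or Airlock's code. The session ID is generated with a CSPRNG (so it cannot be brute forced, one of the slide 14 methods), the fingerprint fields (client IP, User-Agent, TLS session ID) are an assumed choice, and the requests are constructed sample data.

```python
# Added example: fingerprint-bound server-side session store. All request
# data below is constructed; the fingerprint fields are an assumption.
import hashlib
import hmac
import secrets


def make_session_id():
    # 256 bits of CSPRNG output: infeasible to guess or brute force
    return secrets.token_urlsafe(32)


def fingerprint(req):
    """Hash of request properties expected to stay stable within one session."""
    material = "|".join((req["ip"], req["user_agent"], req["tls_session_id"]))
    return hashlib.sha256(material.encode()).hexdigest()


class SessionStore:
    def __init__(self):
        self._sessions = {}   # session_id -> {"user": ..., "fp": ...}

    def create(self, user, req):
        sid = make_session_id()
        self._sessions[sid] = {"user": user, "fp": fingerprint(req)}
        return sid

    def check(self, sid, req):
        """Return ("ok", user), ("unknown", None) or ("hijack", None).
        On a fingerprint mismatch the session is revoked, so a stolen ID
        stops working for the thief and the victim is forced to log in again."""
        entry = self._sessions.get(sid)
        if entry is None:
            return "unknown", None
        if not hmac.compare_digest(entry["fp"], fingerprint(req)):
            del self._sessions[sid]
            return "hijack", None
        return "ok", entry["user"]


# Constructed sample: the legitimate client, then the same cookie replayed
# from a different host, browser and TLS session (the sniffed-cookie case).
ALICE = {"ip": "10.0.0.5", "user_agent": "Mozilla/5.0 (X11)", "tls_session_id": "t1"}
REPLAY = {"ip": "203.0.113.9", "user_agent": "curl/8.0", "tls_session_id": "t2"}


def demo():
    store = SessionStore()
    sid = store.create("alice", ALICE)
    first = store.check(sid, ALICE)      # ("ok", "alice")
    stolen = store.check(sid, REPLAY)    # ("hijack", None)
    after = store.check(sid, ALICE)      # ("unknown", None): session revoked
    return first, stolen, after
```

Binding to the client IP is the strictest of the three fields and will log out mobile users whose address changes mid-session, so a deployment usually weights the fields rather than requiring all of them to match.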

Page 20: Session Hijacking ppt


20 References


Page 21: Session Hijacking ppt


21 Thank You

Q/A!