Wednesday 8 February 2017

Session Hijacking



Session hijacking, also known as TCP session hijacking, is a technique of taking over a Web user session by secretly obtaining the session ID and masquerading as the legitimate user. Once the user's session ID has been obtained (through session calculation), the attacker can masquerade as that user and do whatever the user is authorized to do on the network.

SPOOFING VERSUS HIJACKING
Spoofing and hijacking are often considered to be the same thing. Actually they are completely different from each other.
Spoofing: The attacker impersonates another user to gain access. Unlike hijacking, it creates a new session using the target's stolen credentials rather than using an existing session.
Hijacking: Unlike spoofing, it takes over a currently active session. It depends on a legitimate user to establish the connection and authenticate.

Techniques of session Hijacking:
It may include any of the following techniques:
  • Stealing: It refers to all the methods used to steal session IDs.
  • Brute Force: It is purely trial and error. An attacker tries various IDs until one succeeds.
  • Calculation: An attacker tries to compute session IDs, which is possible when the IDs are not randomly generated.
Application level session hijacking
Session hijacking can be carried out at both the application level and the network level of the OSI model. This article explains application level session hijacking in detail.
1. Sniffing: An attacker can use a sniffer, a popular one being Wireshark, to capture valid session IDs on the network. The sniffer monitors network traffic, and a valid session token captured this way can be used to gain unauthorized access.
2. Session Token Prediction: It is commonly used to predict a session ID in order to impersonate a user. It lets an attacker send requests to the website with the compromised user's privileges.
3. MITM attack: The MITM attack is a Man in the Middle attack. It is used to intrude into an existing connection between machines in order to read the messages exchanged between them.
Process:
i. First, the TCP connection is divided into two: client to attacker, and attacker to server.
ii. Once the connection is fully intercepted, the attacker can read, inject and even modify data in it.
4. MIB attack: The MIB attack is a Man in the Browser attack. It uses a Trojan horse to intercept the calls between the browser and its security model. It is mainly used to commit financial fraud by manipulating Internet banking transactions.
Process:
i. The Trojan horse first infects a computer application or the OS.
ii. Malicious code is installed and saved into the configuration of the browser.
iii. When the user restarts the infected browser, the Trojan is loaded and a handler is registered for every page visit.
iv. When a web page is loaded, the extension takes the URL and compares it with a list of targeted sites.
v. The user then logs in.
vi. When a specific page load is detected, a button event handler is registered and then compared to the targeted list.
vii. Finally, the browser sends the form with the manipulated values to the server.
5. Client Side Attacks: These are attacks in which malicious scripts are injected into websites. The malicious code can be embedded in a web page without raising any kind of notice.
EFFECTIVE COUNTERMEASURES:
  • Use SSL to have a protected communication channel.
  • There must be a logout function for session termination.
  • Use HTTPS connections for transmitting authentication cookies.
  • Always encrypt data between the user and web servers.
  • Adopt a secure protocol.
  • Regenerate the session ID after the user logs in.
  • Minimize remote access.
  • Emphasize encryption.
  • Limit incoming connections.
  • Decrease the life span of the session or cookie.
  • Create session keys with lengthy strings or random numbers.
  • Try to prevent eavesdropping.
  • Expire the session when the user logs out.
  • Do not open links received via e-mail.
  • Use firewall and browser settings to limit cookies.
  • Make sure the website being accessed is certified by a certificate authority.
  • Clear history, offline content and cookies from the browser after each secret or sensitive transaction.
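
The server-side countermeasures from the list above (random session keys, regeneration of the session ID after login, a short life span, expiry on logout, cookies sent only over HTTPS), shown as an added example that is not code from the original post. The `SessionStore` class, the cookie name `sid`, the 15-minute lifetime and the `HttpOnly` flag are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 15 * 60  # assumed idle life span in seconds


class SessionStore:
    """In-memory session table: session ID -> {user, expires}."""

    def __init__(self, ttl=SESSION_TTL, clock=time.monotonic):
        self._sessions = {}
        self._ttl = ttl
        self._clock = clock

    def create(self, user=None):
        # 32 bytes from the OS CSPRNG: resists brute force and calculation
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "expires": self._clock() + self._ttl}
        return sid

    def login(self, old_sid, user):
        # Regenerate the ID at login so an ID seen before authentication is useless
        self._sessions.pop(old_sid, None)
        return self.create(user)

    def lookup(self, sid):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self._clock() >= entry["expires"]:
            del self._sessions[sid]  # short life span: stale IDs are dropped
            return None
        entry["expires"] = self._clock() + self._ttl  # sliding idle timeout
        return entry["user"]

    def logout(self, sid):
        # Expire the session on the server, not only in the browser
        self._sessions.pop(sid, None)


def session_cookie(sid, ttl=SESSION_TTL):
    """Build the Set-Cookie value for a session ID."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["secure"] = True    # sent over HTTPS only
    cookie["sid"]["httponly"] = True  # not readable by injected scripts
    cookie["sid"]["max-age"] = ttl
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()
```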