difference and types in sessionhijacking.pdf
jayaprasanna10
10 views
21 slides
Jul 23, 2024
Slide 1 of 21
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
About This Presentation
cf
Slide Content
Session Hijacking
Theft On The Web
By Mr.KevadiyaHarsh j.
1
By KevadiyaHarsh Guided by Prof.MayuriMehta
9/28/2013 8:53
AM
Theft On The Web
By Mr.KevadiyaHarsh j.
1
By KevadiyaHarsh Guided by Prof.MayuriMehta
9/28/2013 8:53
AM
Outline
Session Hijacking
Difference Between Spoofing and Hijacking
Types of Session Hijacking
Network and Application Level of Session Hijacking
Steps to Conduct a Session Hijacking Attack
Session Hijacking Tools
Detection and Prevention of Session Hijacking
2
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Session Hijacking
Difference Between Spoofing and Hijacking
Types of Session Hijacking
Network and Application Level of Session Hijacking
Steps to Conduct a Session Hijacking Attack
Session Hijacking Tools
Detection and Prevention of Session Hijacking
2
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
What Is Session Hijacking
Session Hijacking is when an attacker gets access to the session state of a
particular user.
The attacker steals a valid session ID which is used to get into the system
and snoop the data.
WhatsApp Sniffer is popular Session Hijacking attack.
Session Hijacking first attack on Christmas day 1994 by Kevin Mitnick when
http 0.9 was release.
3
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Session Hijacking is when an attacker gets access to the session state of a
particular user.
The attacker steals a valid session ID which is used to get into the system
and snoop the data.
WhatsApp Sniffer is popular Session Hijacking attack.
Session Hijacking first attack on Christmas day 1994 by Kevin Mitnick when
http 0.9 was release.
3
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Spoofing vs. Hijacking
Spoofing :
4
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Spoofing :
4
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Spoofing vs. Hijacking(cont’d)
Hijacking:
5
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Hijacking:
5
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Types of Session Hijacking
There are 2 types of Session Hijacking
1)Active :
In an active attack, an attacker finds an active session and takes over.
2)Passive :
With passive attack, an attacker hijacks a session, but sits back, and watches
and records all the traffic that is being sent forth.
6
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
There are 2 types of Session Hijacking
1)Active :
In an active attack, an attacker finds an active session and takes over.
2)Passive :
With passive attack, an attacker hijacks a session, but sits back, and watches
and records all the traffic that is being sent forth.
6
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Session Hijacking Levels
Session hijacking takes place at two levels:
1.Network Level:
Network level can be defined as the interception of the packets during the
transmission between client and the server in a TCP and UDP session
2.Application Level:
Application level is about gaining control on HTTP user session by obtaining the
session ID’s
7
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Session hijacking takes place at two levels:
1.Network Level:
Network level can be defined as the interception of the packets during the
transmission between client and the server in a TCP and UDP session
2.Application Level:
Application level is about gaining control on HTTP user session by obtaining the
session ID’s
7
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Network Level
Network level session hijacking is particularly attractive to hackers because
it provides some critical information to the attacker which is used to attack
application level sessions
Network level hijacking includes:
TCP/IP Hijacking
IP Spoofing: Source Routed Packets
RST Hijacking
Blind Hijacking
Man in the Middle: Packet Sniffer
UDP Hijacking
8
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Network level session hijacking is particularly attractive to hackers because
it provides some critical information to the attacker which is used to attack
application level sessions
Network level hijacking includes:
TCP/IP Hijacking
IP Spoofing: Source Routed Packets
RST Hijacking
Blind Hijacking
Man in the Middle: Packet Sniffer
UDP Hijacking
8
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
9/28/2013 8:53
AM
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
‹#›
AM
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
‹#›
IP Spoofing: Source Routed Packets
IP spoofing is “a technique used to gain unauthorized access to computers,
whereby the intruder sends messages to a computer with an IP address
indicating that the message is coming from a trusted host.”
10
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
IP spoofing is “a technique used to gain unauthorized access to computers,
whereby the intruder sends messages to a computer with an IP address
indicating that the message is coming from a trusted host.”
10
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
9/28/2013 8:53
AM
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
‹#›
AM
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
‹#›
Blind Hijacking
In blind hijacking, an attacker injects data such as malicious commands
into intercepted communications between two hosts.
The hacker can send the data or comments but has no access to see the
response.
12
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
In blind hijacking, an attacker injects data such as malicious commands
into intercepted communications between two hosts.
The hacker can send the data or comments but has no access to see the
response.
12
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Man in the Middle: Packet Sniffer
(MITM) and UDP Hijacking
In this attack, the packet sniffer is used to interface between the client and
the server.
The packets between the client and the server are routed through the
hijacker’s host by using two techniques:
1.Internet Control Message Protocol (ICMP)
2.ARP spoofing
UDP Hijacking:
Man in the Middle attack in the UDP hijacking can minimize the task of the
attacker.
13
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
(MITM) and UDP Hijacking
In this attack, the packet sniffer is used to interface between the client and
the server.
The packets between the client and the server are routed through the
hijacker’s host by using two techniques:
1.Internet Control Message Protocol (ICMP)
2.ARP spoofing
UDP Hijacking:
Man in the Middle attack in the UDP hijacking can minimize the task of the
attacker.
13
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Application Level Session Hijacking
In this level, the hacker gains the session ID’s to get control of the existing
session or even create a new unauthorized session
Application level session hijacking includes:
Obtaining Session ID’s
Sniffing
Brute Force
Misdirected Trust
14
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
In this level, the hacker gains the session ID’s to get control of the existing
session or even create a new unauthorized session
Application level session hijacking includes:
Obtaining Session ID’s
Sniffing
Brute Force
Misdirected Trust
14
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Implements
There is a well-known saying that
“Ideas without implementation is hallucination.”
15
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
There is a well-known saying that
“Ideas without implementation is hallucination.”
15
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Session Hijacking Tools
WireShark: sniffing packets
Juggernaut: Linux base, Flow across the network
Hunt: Unix base, sequence number prediction
TTY Watcher: sun, monitor and control users system
IP Watcher: commercial Software
T-Sight : Windows , Commercial software
Paros HTTP Hijacker: spidering, proxy-chaining, filtering, application
vulnerability scanning.
Hjksuite Tool:
DnsHijacker Tool and many open source scripts like cookie injector.
16
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
WireShark: sniffing packets
Juggernaut: Linux base, Flow across the network
Hunt: Unix base, sequence number prediction
TTY Watcher: sun, monitor and control users system
IP Watcher: commercial Software
T-Sight : Windows , Commercial software
Paros HTTP Hijacker: spidering, proxy-chaining, filtering, application
vulnerability scanning.
Hjksuite Tool:
DnsHijacker Tool and many open source scripts like cookie injector.
16
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Detection of Session Hijacking
Why we want to detect?
17
Detection Method
Manual Method Automatic Method
Using Packet
Sniffing Software
Intrusion detection
systems (IDS)
intrusion prevention
systems (IPS)Normal Telnet Session
Forcing an ARP Entry
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Why we want to detect?
17
Detection Method
Manual Method Automatic Method
Using Packet
Sniffing Software
Intrusion detection
systems (IDS)
intrusion prevention
systems (IPS)Normal Telnet Session
Forcing an ARP Entry
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Prevention of Session Hijacking
There are mainly four methods to prevent session hijacking:
1.Encryption
2.Connections
3.Anti-virus Software
4.Employee education
18
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
There are mainly four methods to prevent session hijacking:
1.Encryption
2.Connections
3.Anti-virus Software
4.Employee education
18
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Conclusion
Protecting network sessions that carry sensitive and important data such as
credit card numbers, bank transactions, and administrative server
commands is an important first step at improving the security posture of
your organization.
Secure session tracking should not rely on either cookies or sslsession-ids
alone, but rather a combination of these two plus many more factors.
Airlock detects and prevents session hijacking by continuously checking this
fingerprint of a users requests.
19
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Protecting network sessions that carry sensitive and important data such as
credit card numbers, bank transactions, and administrative server
commands is an important first step at improving the security posture of
your organization.
Secure session tracking should not rely on either cookies or sslsession-ids
alone, but rather a combination of these two plus many more factors.
Airlock detects and prevents session hijacking by continuously checking this
fingerprint of a users requests.
19
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
References
Mark Lin “An Overview of Session Hijacking at the Network and Application Levels,” SANS institute 2005.
Paul Jess, “Session Hijacking in Windows Networks” Richard Wanner, SANS Institute , 2006.
LaxmanVishnoiand Monika Agrwal, “Session hijacking and its countermeasure” 2013.
Dinesh Yadavand Anjali Sardana,”Enhanced 3-Way Handshake Protocol for Key Exchange in IEEE 802.11i”
Bo Li and Shen-juanLV “The Application Research of Cookies in Network Security”
FaheemFayyazand Hamza Rasheed “Using JPCAP to prevent man -in-the-middle attacks in a local area network environment”
JoonS. Park and Ravi Sandhu “Secure Cookies on the Web” George Mason University
HulusiOnder“Session Hijacking Attacks in Wireless Local Area Networks” Monterey, California , March 2004
ItaloDacosta, SaurabhChakradeo, MustaqueAhamadand Patrick Traynor“One-Time Cookies: Preventing Session Hijacking Attacks with Stateless
Authentication Tokens”
HuyamAL-Amroand EyasEl-Qawasmeh“Discovering Security Vulnerabilities And Leaks In ASP.NET Websites”
PreechaNoiumkar"Top 10 Free Web-Mail Security Test Using Session Hijacking”
Sheng Pang, ChangjiaChen, Jinkangjia”Session Hijack in the Great Firewall of China”
Kevin Lam, David LeBlanc, and Ben Smith (2005). Prevent Session Hijacking [Online]. Available: http://technet.microsoft.com/en-
us/magazine/2005.01.sessionhijacking.aspx
Definition of Session Hijacking [Online]. Available: http://hitachi-id.com/concepts/session_hijacking.html
Session Hijacking [Online]. Available: http://en.wikipedia.org/wiki/Session_hijacking
AnimSaxena(Jan 23, 2013) Session Hijacking and Web based Attacks [Online]. Available:
https://supportforums.cisco.com/community/netpro/security/web/blog/2013/01/23/session-hicjacking-and-some-web-based-attacks
Luke Millanta(Friday 23 August 2013). How to: Understanding session hijacking [Online]. Available:
http://www.pcauthority.com.au/Feature/354468,how-to-understanding-session-hijacking.aspx
20
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Mark Lin “An Overview of Session Hijacking at the Network and Application Levels,” SANS institute 2005.
Paul Jess, “Session Hijacking in Windows Networks” Richard Wanner, SANS Institute , 2006.
LaxmanVishnoiand Monika Agrwal, “Session hijacking and its countermeasure” 2013.
Dinesh Yadavand Anjali Sardana,”Enhanced 3-Way Handshake Protocol for Key Exchange in IEEE 802.11i”
Bo Li and Shen-juanLV “The Application Research of Cookies in Network Security”
FaheemFayyazand Hamza Rasheed “Using JPCAP to prevent man -in-the-middle attacks in a local area network environment”
JoonS. Park and Ravi Sandhu “Secure Cookies on the Web” George Mason University
HulusiOnder“Session Hijacking Attacks in Wireless Local Area Networks” Monterey, California , March 2004
ItaloDacosta, SaurabhChakradeo, MustaqueAhamadand Patrick Traynor“One-Time Cookies: Preventing Session Hijacking Attacks with Stateless
Authentication Tokens”
HuyamAL-Amroand EyasEl-Qawasmeh“Discovering Security Vulnerabilities And Leaks In ASP.NET Websites”
PreechaNoiumkar"Top 10 Free Web-Mail Security Test Using Session Hijacking”
Sheng Pang, ChangjiaChen, Jinkangjia”Session Hijack in the Great Firewall of China”
Kevin Lam, David LeBlanc, and Ben Smith (2005). Prevent Session Hijacking [Online]. Available: http://technet.microsoft.com/en-
us/magazine/2005.01.sessionhijacking.aspx
Definition of Session Hijacking [Online]. Available: http://hitachi-id.com/concepts/session_hijacking.html
Session Hijacking [Online]. Available: http://en.wikipedia.org/wiki/Session_hijacking
AnimSaxena(Jan 23, 2013) Session Hijacking and Web based Attacks [Online]. Available:
https://supportforums.cisco.com/community/netpro/security/web/blog/2013/01/23/session-hicjacking-and-some-web-based-attacks
Luke Millanta(Friday 23 August 2013). How to: Understanding session hijacking [Online]. Available:
http://www.pcauthority.com.au/Feature/354468,how-to-understanding-session-hijacking.aspx
20
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Thank You…..
Q/A!
21
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Q/A!
21
By Kevadiya Harsh Guided by Prof.Mayuri Mehta
9/28/2013 8:53
AM
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 10
- Slides 21
- Age 495 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
30 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
32 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
30 views
14
Fertility awareness methods for women in the society
Isaiah47
29 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
26 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
28 views