Session Hijacking By Rahul Tyagi Ethical Hacker from Punjab TCIL-IT Certified Ethical Hacker
  1. TCIL-IT Certified Ethical Hacker Module: Session Hijacking
     www.facebook.com/officialrahultyagi

  2. Topics
     • Session Hijacking
     • Difference Between Spoofing & Hijacking
     • Types of Session Hijacking
     • Session Hijacking Tools
     • Session Hijacking With Firesheep
     • Preventions to Session Hijacking
     • Conclusion

  3. Session Hijacking
     Session Hijacking is when an attacker gets access to the session state of a particular user. The attacker steals a valid session ID which is used to get into the system and retrieve the data.

  4. Spoofing & Hijacking
     In spoofing, an attacker does not actively take another user offline to perform the attack. He mainly pretends to be another user or machine to gain access. It's done through Cain & Abel.

  5. Spoofing & Hijacking
     Hijacking is done only after the victim has connected to the server. With hijacking, an attacker takes over an existing session, which means he relies on the legitimate user to make a connection and authenticate. At last the attacker takes over the session.

  6. Steps in Session Hijacking
     1. First you should be able to sniff the network
     2. Monitor the flow of packets
     3. Predict the sequence number
     4. Kill the connection to the victim's machine
     5. Take over the session
     6. Start injecting packets to the target server

  7. Types of Hijacking
     Active: In an active attack, an attacker finds an active session and takes over.
     Passive: With a passive attack, an attacker hijacks a session, but sits back, and watches and records all the traffic that's being sent forth.

  8. Session Hijacking With Firesheep
     Firesheep is free, open source, and is available now for Mac OS X and Windows. Linux support is on the way. When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.

  9. Session Hijacking With Firesheep
     It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.

  10. Session Hijacking With Firesheep
      After installing the extension you'll see a new sidebar. Connect to any busy open wifi network and click the big "Start Capturing" button. Then wait.

  11. Session Hijacking With Firesheep
      As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed:

  12. Session Hijacking With Firesheep
      Double-click on someone, and you're instantly logged in as them.

  13. Conclusion
      Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web.
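Added example (not from the slides or their author): a small Python audit of the Set-Cookie and Strict-Transport-Security headers in an HTTP response, showing why a session cookie issued without the Secure flag is exposed to the sidejacking described in the Firesheep slides, next to the hardened response a site should send. The two sample responses and the session-cookie name heuristic are constructed assumptions.

```python
"""Audit an HTTP response for sidejacking exposure: a session cookie set
without the Secure flag is sent in clear text on every later HTTP request,
so a passive sniffer on open Wi-Fi can replay it."""
from typing import Dict, List, Tuple

# Heuristic (assumption): substrings that usually mark a login-session cookie.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (name, value) pairs from the head of a raw HTTP/1.1 response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_response(raw: str) -> Dict[str, object]:
    """Flag session cookies the browser would also send over plain HTTP."""
    headers = parse_headers(raw)
    hsts = any(n == "strict-transport-security" for n, _ in headers)
    cookies = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        flags = {p.lower() for p in parts[1:] if "=" not in p}  # bare attributes only
        looks_like_session = any(h in cookie_name.lower() for h in SESSION_HINTS)
        cookies.append({
            "name": cookie_name,
            "secure": "secure" in flags,
            "httponly": "httponly" in flags,
            "sidejackable": looks_like_session and "secure" not in flags,
        })
    return {"hsts": hsts, "cookies": cookies,
            "sidejackable": any(c["sidejackable"] for c in cookies)}


# Constructed sample responses (not captured from any real site).
WEAK = ("HTTP/1.1 200 OK\r\n"
        "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
        "Set-Cookie: lang=en; Path=/\r\n"
        "Content-Type: text/html\r\n\r\n<html>...</html>")
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Strict-Transport-Security: max-age=31536000\r\n"
            "Set-Cookie: PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
            "Content-Type: text/html\r\n\r\n<html>...</html>")

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(resp))
```

The weak response is what the slides' "encrypt only the login" pattern produces; the hardened one pins the cookie to HTTPS with Secure and tells the browser to stay on HTTPS via HSTS, which removes the clear-text replay the attack relies on.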