Module 6   Session Hijacking
Published in Technology
  • Hello, someone tell me where in which site Hacking Tool: HUNT
  • Hello
  • Nice work... but how can I get a report of session hijacking tools example?
  • 2. Objective
    • Session Hijacking
    • Difference between Spoofing and Hijacking
    • Steps to Conduct a Session Hijacking Attack
    • Types of Session Hijacking
    • Performing Sequence Number Prediction
    • TCP/IP Hijacking
    • Session Hijacking Tools
    • Countermeasures to Session Hijacking
  • 3. What is Session Hijacking?
    • TCP session hijacking is when a hacker takes over a TCP session between two machines
    • Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine
  • 4. Spoofing vs. Hijacking
    • In a spoofing attack, an attacker does not actively take another user offline to perform the attack
    • He pretends to be another user or machine to gain access
  • 5. Spoofing vs. Hijacking (cont’d)
    • In a hijacking attack, the attacker takes over an existing session, which means he relies on the legitimate user to make a connection and authenticate
    • Subsequently, the attacker takes over the session
  • 6. Steps in Session Hijacking
    • Place yourself between the victim and the target (you must be able to sniff the network)
    • Monitor the flow of packets
    • Predict the sequence number
    • Kill the connection to the victim’s machine
    • Take over the session
    • Start injecting packets to the target server
  • 7. Types of Session Hijacking
  • 8. The 3-Way Handshake
  • 9. TCP Concepts 3-Way Handshake
    • Bob initiates a connection with the server. Bob sends a packet to the server with the SYN bit set
    • The server receives this packet and sends back a packet with the SYN bit and an ISN (Initial Sequence Number) for the server
    • Bob sets the ACK bit acknowledging the receipt of the packet and increments the sequence number by 1
    • The two machines have successfully established a session
  • 10. Sequence Numbers
    • Sequence numbers are important in providing reliable communication and are also crucial for hijacking a session
    • A sequence number is a 32-bit counter, so there are over 4 billion possible values
    • Sequence numbers are used to tell the receiving machine what order the packets should go in, when they are received
    • Therefore, an attacker must successfully guess the sequence numbers in order to hijack a session
  • 11. Sequence Number Prediction
    • After a client sends a connection request (SYN) packet to the server, the server will respond (SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by the client
    • This sequence number is predictable; the attacker connects to a server first with its own IP address, records the sequence number chosen, then opens a second connection from a forged IP address
    • The attacker doesn't see the SYN-ACK (or any other packet) from the server, but can guess the correct response
    • If the source IP address is used for authentication, then the attacker can use the one-sided communication to break into the server
  • 12. TCP/IP Hijacking
  • 13. TCP/IP Hijacking
  • 14. RST Hijacking
  • 15. Programs for Session Hijacking
    • There are several programs available that perform session hijacking
    • The following are a few that belong in this category:
      • Juggernaut
      • Hunt
      • TTY Watcher
      • IP Watcher
      • T-Sight
      • Paros HTTP Hijacker
  • 16. Hacking Tool: Juggernaut
    • Juggernaut is a network sniffer that can be used to hijack TCP sessions. It runs on Linux operating systems
    • Juggernaut can be set to watch all network traffic, or it can be given a keyword (e.g. a password) to look out for
    • The objective of this program is to provide information about ongoing network sessions
    • The attacker can see all of the sessions and choose a session to hijack
  • 17. Hacking Tool: Hunt
    • Hunt is a program that can be used to listen, intercept, and hijack active sessions on a network
    • Hunt offers:
      • Connection management
      • ARP spoofing
      • Resetting connection
      • Watching connection
      • MAC address discovery
      • Sniffing TCP traffic
  • 18. Hacking Tool: IP Watcher
    • http://engarde.com
    • IP Watcher is a commercial session hijacking tool that allows you to monitor connections and has active facilities for taking over a session
    • The program can monitor all connections on a network, allowing an attacker to display an exact copy of a session in real-time, just as the user of the session sees the data
  • 19. Session Hijacking Tool: T-Sight
    • http://engarde.com
    • T-Sight is a session hijacking tool for Windows
    • With T-Sight, you can monitor all of your network connections (i.e. traffic) in real-time, and observe the composition of any suspicious activity that takes place
    • T-Sight has the capability to hijack any TCP sessions on the network
    • For security reasons, Engarde Systems licenses this software to pre-determined IP addresses
  • 20. Session Hijacking Tool: T-Sight
    • Session hijacking is simple: click this button
  • 21. Remote TCP Session Reset Utility
  • 22. Paros HTTP Session Hijacking Tool
    • Paros is a man-in-the-middle proxy and application vulnerability scanner
    • It allows users to intercept, modify, and debug HTTP and HTTPS data on-the-fly between a web server and a client browser
    • It also supports spidering, proxy-chaining, filtering, and application vulnerability scanning
  • 23. Paros Untitled Session
  • 24. Paros HTTP Session Hijacking Tool
  • 25. Protecting against Session Hijacking
    • Use encryption
    • Use a secure protocol
    • Limit incoming connections
    • Minimize remote access
    • Educate the employees
  • 26. Countermeasure: IP Security
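
Slides 10 and 11 rest on the server's initial sequence numbers (ISNs) being predictable. The following is an added example, not part of the original slides, that audits ISN samples collected from a server you administer and labels the series; the function names, labels, thresholds and sample values are all assumptions constructed for illustration.

```python
# Added example: audit ISN samples collected from a server you administer.
from statistics import pstdev

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

def build_samples(start, deltas):
    """Construct a list of ISNs from a start value and per-connection increments."""
    isns = [start % MOD]
    for d in deltas:
        isns.append((isns[-1] + d) % MOD)
    return isns

def isn_deltas(isns):
    """Differences between successive ISNs, computed modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]

def classify_isn(isns, min_samples=6, low_spread=0.01):
    """Label an ISN series; labels and thresholds are assumptions of this example."""
    if len(isns) < min_samples:
        raise ValueError("need at least %d ISN samples" % min_samples)
    deltas = isn_deltas(isns)
    if len(set(deltas)) == 1:
        return "constant-increment"      # next ISN follows directly from the last
    spread = pstdev(deltas) / MOD        # uniform random deltas give about 0.29
    return "low-spread" if spread < low_spread else "randomised"

# Constructed sample data, not captured from any real host.
SAMPLES = {
    "legacy-fixed-step": build_samples(4294900000, [64000] * 6),
    "time-based-jitter": build_samples(
        4294900000, [64000, 64512, 63800, 64100, 64900, 64000]),
    "per-connection-random": [1000, 3000000000, 500000000, 4000000000,
                              1200000000, 2500000000, 100000],
}

def audit(samples=SAMPLES):
    """Return {series name: classification} for every ISN series."""
    return {name: classify_isn(isns) for name, isns in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:24s} {verdict}")
```

A series labelled anything other than "randomised" matches the condition slide 11 describes and is a reason to stop relying on source IP address for authentication on that host.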
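
Slide 10 states that an attacker must guess the sequence numbers, and slides 14 and 21 concern resetting a session with RST segments. The following is an added example, not part of the original slides, that models how a receiver decides whether to honour an RST, comparing classic in-window acceptance with the stricter RFC 5961 check (which the slides do not mention); function names and the receiver state are constructed for illustration.

```python
# Added example: receiver-side RST validation with 32-bit wraparound.
MOD = 2 ** 32

def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd

def handle_rst(seq, rcv_nxt, rcv_wnd, rfc5961=True):
    """Return the receiver's action for an incoming RST segment.

    rfc5961=False: classic behaviour, any in-window RST resets the session.
    rfc5961=True:  only an exact match resets; other in-window values
                   trigger a challenge ACK to the real peer.
    """
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    if not rfc5961 or seq == rcv_nxt:
        return "reset"
    return "challenge-ack"

def blind_guess_odds(rcv_wnd, rfc5961):
    """Fraction of the sequence space in which one unsniffed RST is honoured."""
    accepted = 1 if rfc5961 else rcv_wnd
    return accepted / MOD

# Constructed receiver state, placed just below the wraparound point.
RCV_NXT, RCV_WND = 4294967000, 65535

# (label, sequence number carried by the RST)
CASES = [
    ("exact match", RCV_NXT),
    ("in window, after wraparound", 100),
    ("one below window", RCV_NXT - 1),
    ("far outside window", 2000000000),
]

def run_cases():
    """Return (label, classic action, RFC 5961 action) for each constructed case."""
    return [(label,
             handle_rst(seq, RCV_NXT, RCV_WND, rfc5961=False),
             handle_rst(seq, RCV_NXT, RCV_WND, rfc5961=True))
            for label, seq in CASES]

if __name__ == "__main__":
    for row in run_cases():
        print("%-30s classic=%-6s rfc5961=%s" % row)
```

The stricter check only helps against a sender who cannot see the traffic; someone who can sniff the session (step 1 on slide 6) reads the exact numbers, which is why slide 25 lists encryption first.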