What is Session Hijacking?
Session hijacking is when an attacker gets access to the session state of a legitimate user.
The attacker steals a valid session ID, which is used to get into the system and retrieve the data.

Method (steps)
Place yourself between the victim and the target (you must be able to sniff the network)
Monitor the flow of packets
Predict the sequence number
Optionally kill the connection to the victim's machine
Take over the session
Start injecting packets to the target server

Mitigations
Use a secure HTTPS protocol
Use a VPN when connecting remotely
Protect access to your own networks
Limit exposure to untrusted networks
Educate the employees

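As an added example (not part of the original slides), the HTTPS mitigation can be checked on the server side by auditing response headers for session cookies that would still cross the network in clear text. The cookie-name pattern, the function names and the sample responses are assumptions constructed for illustration.

```python
import re

# Assumption: substrings that mark a cookie as carrying a session ID.
SESSION_NAME = re.compile(r"sess|sid|auth|token", re.I)

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_response(url, headers):
    """List ways the session ID in this response is exposed to theft.

    headers is a list of (name, value) pairs, as most HTTP clients return.
    """
    findings = []
    https = url.lower().startswith("https://")
    hdrs = [(k.lower(), v) for k, v in headers]
    if https and not any(k == "strict-transport-security" for k, _ in hdrs):
        findings.append("no HSTS header: first request may still go over HTTP")
    for key, value in hdrs:
        if key != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not SESSION_NAME.search(name):
            continue
        if not https:
            findings.append(f"{name}: session cookie issued over plain HTTP")
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure flag, also sent over HTTP")
        if "httponly" not in attrs:
            findings.append(f"{name}: no HttpOnly flag, readable by scripts")
    return findings

# Constructed sample responses (not captured from any real site).
WEAK = ("http://shop.example/login",
        [("Set-Cookie", "PHPSESSID=abc123; Path=/")])
HARDENED = ("https://shop.example/login",
            [("Strict-Transport-Security", "max-age=31536000"),
             ("Set-Cookie", "PHPSESSID=abc123; Path=/; Secure; HttpOnly")])

if __name__ == "__main__":
    for url, headers in (WEAK, HARDENED):
        print(url, audit_response(url, headers) or "ok")
```
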
Firesheep
Firesheep is free, open source, and now available for Mac OS X and Windows.
Linux support is on the way.
Find it here:
https://github.com/codebutler/firesheep/downloads