Session Hijacking
Session Hijacking by Vishal Punjabi @ null Mumbai Meet, September 2011
    Presentation Transcript

    • SESSION HIJACKING
      BY Vishal Punjabi
    • TOPICS
      TCP Concepts-The 3 Way handshake
      Session hijacking
      Types
      Method
      Mitigations
      Tools
      Firesheep
    • The 3-way Handshake
    • What is Session Hijacking?
      Session hijacking is when an attacker gets access to the session state of a legitimate user.
      The attacker steals a valid session ID, which is then used to get into the system and retrieve the data.
    • 3-Way Handshake
    • Session Hijacking
    • Session Hijacking
    • This is Spoofing not Hijacking
    • This is Hijacking
    • Types Of Session Hijacking
      Predictable session token
      Session sniffing
      Client side attacks (XSS, malicious JS codes, trojans etc)
      Blind Hijack
      Man-in-the-middle (MITM)
    • Method (steps)
      Place yourself between the victim and the target (you must be able to sniff the network)
      Monitor the flow of packets
      Predict the sequence number
      Optionally kill the connection to the victim’s machine
      Take over the session
      Start injecting packets to the target server
    • Mitigations
      Use a secure HTTPS protocol
      Use a VPN when connecting remotely
      Protect access to your own networks
      Limit exposure to untrusted networks
      Educate the employees
    • Tools
      Juggernaut
      Hunt
      TTY Watcher
      IP Watcher
      T-Sight
      Paros HTTP Hijacker
      DroidSheep for Android
      Firesheep (Firefox addon)
    • Firesheep
      Firesheep is free, open source, and is now available for Mac OS X and Windows.
      Linux support is on the way.
      Find it here:
      https://github.com/codebutler/firesheep/downloads
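As an added example (not from the slides), the server-side handling that addresses two of the types listed above, predictable session tokens and session sniffing, together with the HTTPS mitigation: IDs from a CSPRNG, a Set-Cookie carrying Secure, HttpOnly and SameSite so the token never crosses plain HTTP or reaches page script, a check that reports which hardening flags a Set-Cookie value lacks, and a constant-time lookup. It assumes Python 3.8 or later and a cookie name of SESSIONID chosen for the example.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "SESSIONID"  # assumed cookie name for this example
HARDENING_FLAGS = ("secure", "httponly")

def new_session_id() -> str:
    # 256 bits from the OS CSPRNG: earlier IDs give no hint of the next one,
    # unlike a counter, a timestamp or a hash of the username.
    return secrets.token_urlsafe(32)

def session_set_cookie(session_id: str) -> str:
    # Secure: never sent over plain HTTP, so a sniffer on open Wi-Fi sees no
    # cookie. HttpOnly: not readable by page script (the XSS route to the
    # token). SameSite=Strict: not attached to cross-site requests.
    c = SimpleCookie()
    c[COOKIE_NAME] = session_id
    m = c[COOKIE_NAME]
    m["secure"] = True
    m["httponly"] = True
    m["samesite"] = "Strict"
    return m.OutputString()

def missing_cookie_flags(set_cookie_value: str) -> list:
    # Audit a Set-Cookie value (e.g. from a proxy log); [] means fully flagged.
    c = SimpleCookie()
    c.load(set_cookie_value)
    name = next(iter(c))
    return [f for f in HARDENING_FLAGS if not c[name][f]]

class SessionStore:
    # Server-side store: the browser only ever holds the random ID.
    def __init__(self):
        self._users = {}  # session_id -> username

    def create(self, user: str) -> str:
        sid = new_session_id()
        self._users[sid] = user
        return sid

    def lookup(self, presented: str):
        # Constant-time compare so response timing does not reveal how many
        # leading characters of a guessed ID matched.
        for sid, user in self._users.items():
            if hmac.compare_digest(sid, presented):
                return user
        return None
```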