Session Hijacking

Published on

Session Hijacking by Vishal Punjabi @ null Mumbai Meet, September 2011

Published in: Technology

Transcript of "Session Hijacking"

  1. SESSION HIJACKING
     BY Vishal Punjabi
  2. TOPICS
     • TCP concepts: the 3-way handshake
     • Session hijacking
     • Types
     • Method
     • Mitigations
     • Tools
     • Firesheep
  3. The 3-way Handshake
  4. What is Session Hijacking?
     • Session hijacking is when an attacker gets access to the session state of a legitimate user.
     • The attacker steals a valid session ID, which is then used to get into the system and retrieve the data.
  5. 3-Way Handshake
  6. Session Hijacking
  7. Session Hijacking
  8. This is Spoofing, not Hijacking
  9. This is Hijacking
  10. Types of Session Hijacking
     • Predictable session token
     • Session sniffing
     • Client-side attacks (XSS, malicious JS code, trojans, etc.)
     • Blind hijack
     • Man-in-the-middle (MITM)
  11. Method (steps)
     • Place yourself between the victim and the target (you must be able to sniff the network)
     • Monitor the flow of packets
     • Predict the sequence number
     • Optionally kill the connection to the victim's machine
     • Take over the session
     • Start injecting packets to the target server
  12. Mitigations
     • Use the secure HTTPS protocol
     • Use a VPN when connecting remotely
     • Protect access to your own networks
     • Limit exposure to untrusted networks
     • Educate the employees
  13. Tools
     • Juggernaut
     • Hunt
     • TTY Watcher
     • IP Watcher
     • T-Sight
     • Paros HTTP Hijacker
     • DroidSheep for Android
     • Firesheep (Firefox addon)
  14. Firesheep
     • Firesheep is free, open source, and now available for Mac OS X and Windows.
     • Linux support is on the way.
     • Find it here: https://github.com/codebutler/firesheep/downloads
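A defender-side illustration of two of the deck's points, the "predictable session token" type (slide 10) and the HTTPS mitigation (slide 12), added here as example code that is not part of the original presentation: a self-check that flags sequential session IDs as guessable, a CSPRNG-backed issuer that passes it, and the Set-Cookie flags that keep the ID off a sniffable cleartext channel and out of reach of injected scripts. The class and function names are my own, not from any tool the slides list.

```python
import itertools
import secrets
from http.cookies import SimpleCookie


class SequentialSessionIssuer:
    """Constructed weak issuer: a counter, so one observed ID reveals
    the neighbours. This is the 'predictable session token' case."""

    def __init__(self) -> None:
        self._counter = itertools.count(1000)

    def issue(self) -> str:
        return f"sess-{next(self._counter)}"


class RandomSessionIssuer:
    """Hardened issuer: 32 bytes (256 bits) from the OS CSPRNG."""

    def issue(self) -> str:
        return secrets.token_urlsafe(32)


def guessable_from_neighbour(issuer, attempts: int = 10) -> bool:
    """Self-check for an issuer: given one issued ID, does simple counting
    predict the next one? True means the scheme is predictable."""
    seen = issuer.issue()
    prefix, _, num = seen.rpartition("-")
    if not num.isdigit():
        return False  # no numeric tail to count from
    candidates = {f"{prefix}-{int(num) + i}" for i in range(1, attempts + 1)}
    return issuer.issue() in candidates


def session_cookie_header(session_id: str) -> str:
    """Build the Set-Cookie value a server should emit for the session ID:
    Secure  -> only sent over HTTPS, so it cannot be sniffed in cleartext
    HttpOnly -> invisible to page scripts, blunting the XSS theft path
    SameSite=Lax -> not attached to most cross-site requests"""
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["secure"] = True
    cookie["sid"]["httponly"] = True
    cookie["sid"]["samesite"] = "Lax"
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()
```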