Session Hijacking

Session Hijacking by Vishal Punjabi @ null Mumbai Meet, September 2011

Presentation Transcript

  • SESSION HIJACKING
    BY Vishal Punjabi
  • TOPICS
    TCP Concepts-The 3 Way handshake
    Session hijacking
    Types
    Method
    Mitigations
    Tools
    Firesheep
  • The 3-way Handshake
  • What is Session Hijacking ?
    Session hijacking is the takeover of an established session between a legitimate user and a server, so that the attacker's traffic is treated as the user's.
    At the TCP level this means injecting segments with the sequence and acknowledgement numbers the server expects next; at the application level it usually means stealing a valid session ID (typically a cookie) and presenting it to the server, which then hands out the user's data.
  • 3-Way Handshake
  • Session Hijacking
  • This is Spoofing, not Hijacking
  • This is Hijacking
  • Types Of Session Hijacking
    Predictable session token: the ID can be guessed from one observed value
    Session sniffing: the ID is captured from cleartext traffic on the network
    Client-side attacks (XSS, malicious JavaScript, trojans, etc.) that read the ID from the browser or host
    Blind hijacking: injecting into the connection without seeing the server's replies
    Man-in-the-middle (MITM): relaying the traffic and altering or replaying it
  • Method (steps)
    Place yourself between the victim and the target (you must be able to sniff the network)
    Monitor the flow of packets
    Predict the next sequence and acknowledgement numbers from the observed segments
    Optionally kill the victim's side of the connection (for example with a spoofed RST)
    Take over the session
    Start injecting packets to the target server as the victim
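The steps above, as an added example that is not part of the original slides: a pure-Python model of the numbers an on-path attacker derives from sniffed segments (monitor, predict) to forge a segment the server accepts as the victim's (take over, inject), plus the optional spoofed RST. No packets are sent; the endpoints, the captured segments and the injected command are constructed for illustration, and the receiver check is deliberately simplified to in-order data.

```python
"""Sequence-number prediction and injection in a TCP session hijack (model)."""
from dataclasses import dataclass, field

MOD32 = 2 ** 32
CLIENT = ("10.0.0.5", 40000)   # constructed victim endpoint
SERVER = ("10.0.0.9", 23)      # constructed target: a cleartext telnet server


@dataclass(frozen=True)
class Segment:
    src: tuple
    dst: tuple
    seq: int
    ack: int
    flags: str             # subset of "S", "A", "P", "F", "R"
    payload: bytes = b""

    def seq_after(self) -> int:
        """First sequence number after this segment: the data bytes plus one
        each for SYN and FIN, which also consume sequence space."""
        return (self.seq + len(self.payload)
                + ("S" in self.flags) + ("F" in self.flags)) % MOD32


@dataclass
class SniffedState:
    """Per-side 'next sequence number' as a passive observer reconstructs it.
    For the other side, next_seq[peer] is its rcv_nxt: the byte it expects."""
    next_seq: dict = field(default_factory=dict)

    def observe(self, seg: Segment) -> None:
        self.next_seq[seg.src] = seg.seq_after()

    def forge_data(self, impersonated, peer, payload: bytes) -> Segment:
        """Segment injected while pretending to be `impersonated`: seq must be
        the next byte `peer` expects from that side, ack the next byte the
        impersonated side expects back, or the peer will not treat it as new data."""
        return Segment(impersonated, peer,
                       seq=self.next_seq[impersonated],
                       ack=self.next_seq[peer],
                       flags="PA", payload=payload)

    def forge_reset(self, impersonated, peer) -> Segment:
        """RST spoofed from `impersonated` so that `peer` drops its side of the
        connection (the 'optionally kill the connection' step)."""
        return Segment(impersonated, peer,
                       seq=self.next_seq[impersonated],
                       ack=self.next_seq[peer], flags="R")


def accepts_new_data(seg: Segment, rcv_nxt: int, snd_nxt: int) -> bool:
    """Simplified receiver: in-order data whose ACK equals the receiver's own
    next sequence number. Real stacks also buffer in-window out-of-order data,
    but in-order delivery is what the hijacker aims for."""
    return seg.seq == rcv_nxt and seg.ack == snd_nxt


def run_hijack() -> dict:
    # Constructed capture: handshake plus one exchange, as seen by the attacker.
    capture = [
        Segment(CLIENT, SERVER, seq=1000, ack=0,    flags="S"),
        Segment(SERVER, CLIENT, seq=5000, ack=1001, flags="SA"),
        Segment(CLIENT, SERVER, seq=1001, ack=5001, flags="A"),
        Segment(CLIENT, SERVER, seq=1001, ack=5001, flags="PA", payload=b"USER alice\r\n"),
        Segment(SERVER, CLIENT, seq=5001, ack=1013, flags="PA", payload=b"Password: "),
    ]
    state = SniffedState()
    for seg in capture:               # monitor the flow of packets ...
        state.observe(seg)            # ... and predict the next numbers

    # The server's own view after the capture.
    server_rcv_nxt = state.next_seq[CLIENT]
    server_snd_nxt = state.next_seq[SERVER]

    forged = state.forge_data(CLIENT, SERVER, b"cat /etc/shadow\r\n")   # take over / inject
    forged_ok = accepts_new_data(forged, server_rcv_nxt, server_snd_nxt)
    if forged_ok:
        server_rcv_nxt = forged.seq_after()   # server has consumed the injected bytes

    # The real client, unaware, sends its next segment from its own stale state.
    victim_next = Segment(CLIENT, SERVER, seq=1013, ack=5011, flags="PA", payload=b"s3cret\r\n")
    victim_ok = accepts_new_data(victim_next, server_rcv_nxt, server_snd_nxt)

    return {
        "forged": forged,
        "server_accepted_forged": forged_ok,
        "server_accepted_victim": victim_ok,      # False: the two sides are now desynchronised
        "reset_to_victim": state.forge_reset(SERVER, CLIENT),
    }


if __name__ == "__main__":
    for key, value in run_hijack().items():
        print(key, value)
```

The desynchronisation is the reason the "kill the connection" step exists: once the injected bytes have advanced the server's expectation, the victim's genuine segments are rejected and both sides keep re-acknowledging each other (an ACK storm), so a hijacker often resets the victim first and speaks to the server alone.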
  • Mitigations
    Use HTTPS for the whole session, not only for the login page, and mark session cookies Secure so the browser never sends them in cleartext
    Generate session IDs from a cryptographically secure random source so they cannot be predicted
    Use a VPN when connecting remotely, especially over open Wi-Fi
    Protect access to your own networks (an attacker must be on the path to sniff)
    Limit exposure to untrusted networks
    Educate the employees
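The two HTTP-level weaknesses from the types list (predictable session token, session sniffing) next to the mitigations above, as an added example that is not part of the original slides. The weak and hardened Set-Cookie headers, the sniffed request and the host name are constructed; the audit checks only the Secure and HttpOnly attributes, which are the ones that matter for sniffing and client-side theft respectively.

```python
"""Predictable vs random session IDs, what a sniffer sees, and a Set-Cookie audit."""
import re
import secrets
import time

# --- 1. Predictable vs unpredictable session identifiers -------------------------

_counter = 1000  # constructed stand-in for a database row id or request counter


def weak_session_id() -> str:
    """Predictable: counter plus coarse timestamp, a pattern from home-grown
    session handlers. Anyone holding one value can enumerate its neighbours."""
    global _counter
    _counter += 1
    return f"{_counter}-{int(time.time())}"


def strong_session_id(nbytes: int = 32) -> str:
    """Unpredictable: 256 bits from the OS CSPRNG, URL-safe base64 encoded."""
    return secrets.token_urlsafe(nbytes)


def looks_sequential(tokens: list, max_gap: int = 100) -> bool:
    """Crude predictability check: do the tokens carry a numeric prefix that
    increases by small steps from one token to the next?"""
    nums = []
    for token in tokens:
        match = re.match(r"(\d+)", token)
        if not match:
            return False
        nums.append(int(match.group(1)))
    return all(0 < b - a <= max_gap for a, b in zip(nums, nums[1:]))


# --- 2. What a sniffer sees on plain HTTP ------------------------------------------

def cookies_from_plaintext_request(raw: bytes) -> dict:
    """Pull the Cookie header out of one cleartext HTTP request, the way a
    Firesheep/DroidSheep-style sniffer does for every request on the segment."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    cookies = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "cookie":
            for pair in value.split(";"):
                key, _, val = pair.strip().partition("=")
                if key:
                    cookies[key] = val
    return cookies


# --- 3. Set-Cookie audit: the weak setting beside the corrected one ---------------

REQUIRED_ATTRS = ("secure", "httponly")


def audit_set_cookie(header: str) -> list:
    """Return the protections missing from a Set-Cookie header value.
    Without Secure the browser also sends the cookie over plain HTTP, which is
    exactly what session sniffing relies on; without HttpOnly a client-side
    attack (XSS) can read it from script."""
    attrs = {part.strip().split("=", 1)[0].lower() for part in header.split(";")[1:]}
    return [f"missing {attr}" for attr in REQUIRED_ATTRS if attr not in attrs]


WEAK_SET_COOKIE = "sessionid=1001-1316000000; Path=/"
HARDENED_SET_COOKIE = f"sessionid={strong_session_id()}; Path=/; Secure; HttpOnly"

# Constructed capture of a victim's request on open Wi-Fi, no TLS in use:
SNIFFED_REQUEST = (
    b"GET /inbox HTTP/1.1\r\n"
    b"Host: mail.example.test\r\n"
    b"Cookie: sessionid=1001-1316000000; lang=en\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print("weak ids sequential:", looks_sequential([weak_session_id() for _ in range(3)]))
    print("sniffed cookies:", cookies_from_plaintext_request(SNIFFED_REQUEST))
    print("weak header:", audit_set_cookie(WEAK_SET_COOKIE))
    print("hardened header:", audit_set_cookie(HARDENED_SET_COOKIE))
```

With the hardened header the browser refuses to send the cookie over HTTP at all, so a sniffer on the same network sees no session ID to replay; the random ID closes the guessing route as well.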
  • Tools
    Juggernaut (TCP session hijacking)
    Hunt (TCP session hijacking)
    TTY Watcher
    IP Watcher
    T-Sight
    Paros HTTP Hijacker
    DroidSheep for Android (HTTP session cookie sniffing)
    Firesheep (Firefox add-on, HTTP session cookie sniffing)
  • Firesheep
    Firesheep is a free, open-source Firefox add-on that listens on the local network (typically open Wi-Fi) for session cookies sent over plain HTTP and lets the attacker reuse them with a click, which is why the HTTPS mitigation above defeats it.
    At the time of the talk it was available for Mac OS X and Windows, with Linux support on the way.
    Find it here:
    https://github.com/codebutler/firesheep/downloads