Session hijacking
Transcript

  • 1. TOPICS
    - TCP concepts: the 3-way handshake
    - Session hijacking
    - Types
    - Method
    - Mitigations
    - Tools
    - Firesheep
  • 2. The 3-way Handshake
  • 3. What is Session Hijacking?
    - Session hijacking is when an attacker gets access to the session state of a legitimate user.
    - The attacker steals a valid session ID, which is then used to get into the system and retrieve the data.
  • 4. 3-Way Handshake
  • 5. Session Hijacking
  • 6. Session Hijacking
  • 7. This is Spoofing, not Hijacking
  • 8. This is Hijacking
  • 9. Types of Session Hijacking
    - Predictable session token
    - Session sniffing
    - Client-side attacks (XSS, malicious JS code, trojans, etc.)
    - Blind hijack
    - Man-in-the-middle (MITM)
  • 10. Method (steps)
    - Place yourself between the victim and the target (you must be able to sniff the network)
    - Monitor the flow of packets
    - Predict the sequence number
    - Optionally kill the connection to the victim's machine
    - Take over the session
    - Start injecting packets to the target server
  • 11. Mitigations
    - Use the secure HTTPS protocol
    - Use a VPN when connecting remotely
    - Protect access to your own networks
    - Limit exposure to untrusted networks
    - Educate the employees
  • 12. Tools
    - Juggernaut
    - Hunt
    - TTY Watcher
    - IP Watcher
    - T-Sight
    - Paros HTTP Hijacker
    - DroidSheep for Android
    - Firesheep (Firefox add-on)
  • 13. Firesheep
    - Firesheep is free, open source, and now available for Mac OS X and Windows.
    - Linux support is on the way. Find it here: https://github.com/codebutler/firesheep/downloads
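The slides list "predictable session token", "session sniffing" and "client-side attacks" as hijacking types and "use HTTPS" as the first mitigation. The following is an added example, not code from the slides or from any of the tools named above, showing what those mitigations look like on the server side: session IDs drawn from a cryptographic random source so they cannot be predicted, a Set-Cookie line whose Secure/HttpOnly/SameSite attributes keep the ID off cleartext HTTP (the Firesheep case) and away from page scripts (the XSS case), ID rotation on login, and an idle timeout that bounds how long a captured ID stays usable. A checker for weak cookie lines is included so the weak setting can be compared with the corrected one. All class, function and constant names here are assumptions for the example.

```python
"""Added example (not from the original slides): a minimal server-side
session manager demonstrating the defensive counterparts of the hijacking
types and mitigations listed in the presentation. Names are assumptions."""
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SESSION_ID_BYTES = 32           # 256 bits of entropy: the ID is not guessable
IDLE_TIMEOUT_SECONDS = 15 * 60  # bounds the window in which a stolen ID works


@dataclass
class Session:
    user: Optional[str]
    created: float
    last_seen: float
    data: Dict[str, str] = field(default_factory=dict)


class SessionStore:
    """In-memory store keyed by session ID; `now` is injectable for tests."""

    def __init__(self, now=time.time):
        self._now = now
        self._sessions: Dict[str, Session] = {}

    def create(self, user: Optional[str] = None) -> str:
        # secrets, not random: the ID must come from a CSPRNG (mitigates
        # the "predictable session token" hijacking type).
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        t = self._now()
        self._sessions[sid] = Session(user=user, created=t, last_seen=t)
        return sid

    def lookup(self, sid: str) -> Optional[Session]:
        """Return the live session for `sid`, expiring idle ones."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self._now() - s.last_seen > IDLE_TIMEOUT_SECONDS:
            self.destroy(sid)
            return None
        s.last_seen = self._now()
        return s

    def login(self, old_sid: str, user: str) -> str:
        """Rotate the ID when privilege changes, so an ID captured or
        planted before authentication is worthless afterwards."""
        old = self._sessions.pop(old_sid, None)
        new_sid = self.create(user)
        if old is not None:
            self._sessions[new_sid].data = old.data  # keep pre-login state
        return new_sid

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def session_cookie_header(sid: str) -> str:
    """Set-Cookie line for an HTTPS-only site. Secure keeps the ID off
    plaintext HTTP, HttpOnly hides it from document.cookie, SameSite=Strict
    stops cross-site requests from carrying it, and the __Host- prefix makes
    browsers enforce Secure + Path=/ with no Domain attribute."""
    attrs = ["__Host-sid=" + sid, "Path=/", "HttpOnly", "SameSite=Strict", "Secure"]
    return "Set-Cookie: " + "; ".join(attrs)


def missing_cookie_flags(set_cookie_line: str) -> List[str]:
    """Report which hardening attributes a Set-Cookie line lacks."""
    value = set_cookie_line.split(":", 1)[-1]
    parts = [p.strip() for p in value.split(";")]
    present = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return [f for f in ("Secure", "HttpOnly", "SameSite") if f.lower() not in present]


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create()
    authed = store.login(anon, "alice")
    print("anonymous ID still valid after login:", store.lookup(anon) is not None)
    print(session_cookie_header(authed))
    # Constructed weak cookie, the kind a sniffer on open Wi-Fi can read:
    print("weak cookie lacks:", missing_cookie_flags("Set-Cookie: sid=abc123; Path=/"))
```

Run it and the anonymous ID is reported invalid after login, the hardened header shows all three attributes, and the constructed weak cookie is flagged as lacking Secure, HttpOnly and SameSite. None of this stops a hijack once an attacker already holds a live ID; it shrinks the ways an ID can be obtained (cleartext capture, script access, guessing) and how long it stays useful.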