Session Hijacking

Session Hijacking by Vishal Punjabi @ null Mumbai Meet, September 2011

  1. Session Hijacking
     by Vishal Punjabi
  2. Topics
     • TCP concepts: the 3-way handshake
     • Session hijacking
     • Types
     • Method
     • Mitigations
     • Tools
     • Firesheep
  3. The 3-way handshake
  4. What is Session Hijacking?
     Session hijacking is when an attacker gains access to the session state of a legitimate user: the attacker steals a valid session ID and uses it to get into the system and retrieve the data.
  5. 3-Way Handshake
  6. Session Hijacking
  7. Session Hijacking
  8. This is spoofing, not hijacking
  9. This is hijacking
  10. Types of Session Hijacking
     • Predictable session token
     • Session sniffing
     • Client-side attacks (XSS, malicious JS code, trojans, etc.)
     • Blind hijack
     • Man-in-the-middle (MITM)
  11. Method (steps)
     • Place yourself between the victim and the target (you must be able to sniff the network)
     • Monitor the flow of packets
     • Predict the sequence number
     • Optionally kill the connection to the victim's machine
     • Take over the session
     • Start injecting packets to the target server
  12. Mitigations
     • Use the secure HTTPS protocol
     • Use a VPN when connecting remotely
     • Protect access to your own networks
     • Limit exposure to untrusted networks
     • Educate the employees
  13. Tools
     • Juggernaut
     • Hunt
     • TTY Watcher
     • IP Watcher
     • T-Sight
     • Paros HTTP Hijacker
     • DroidSheep for Android
     • Firesheep (Firefox add-on)
  14. Firesheep
     Firesheep is free and open source, and is now available for Mac OS X and Windows. Linux support is on the way. Find it here:
     https://github.com/codebutler/firesheep/downloads
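The deck lists "predictable session token" and "session sniffing" as hijacking types and HTTPS as the first mitigation. The following Python example, added here and not part of the original slides, shows the server-side counterpart: minting session IDs an attacker cannot guess, setting the cookie so it never travels over plain HTTP, a crude check that spots sequential IDs, and a detection pass that flags a session ID presented from a client other than the one it was issued to (a stolen ID being replayed). The session-store shape, the `Client` fingerprint, the function names and the request log are all constructed assumptions for this example.

```python
"""
Added example (not from the slides): defensive checks against two of the
hijacking vectors the deck names, guessable session IDs and a sniffed ID
being replayed from another machine. Store layout, client fingerprint and
sample events are assumptions made for this example.
"""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Client:
    """Minimal client fingerprint a server can record per session (assumed)."""
    ip: str
    user_agent: str


def issue_session(store: dict, client: Client) -> str:
    """Mint an unguessable session ID and bind it to the issuing client."""
    # 32 bytes from the OS CSPRNG: the next ID cannot be derived from earlier
    # ones, unlike counter- or timestamp-based tokens
    sid = secrets.token_urlsafe(32)
    store[sid] = client
    return sid


def session_cookie(sid: str) -> str:
    """Set-Cookie value: Secure keeps the ID off plaintext HTTP (defeats
    sniffing), HttpOnly keeps it away from injected JavaScript (limits XSS)."""
    return f"sid={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


def looks_predictable(ids: list[str]) -> bool:
    """Crude check for the 'predictable session token' case: all-numeric IDs
    that advance by a constant step can be guessed from one observed value."""
    if len(ids) < 3 or not all(i.isdigit() for i in ids):
        return False
    nums = [int(i) for i in ids]
    steps = {b - a for a, b in zip(nums, nums[1:])}
    return len(steps) == 1


def find_hijack_candidates(store: dict, events: list[tuple[str, Client]]) -> list:
    """Flag session IDs presented from a client other than the one they were
    issued to. Unknown IDs are simply rejected and are not a hijack signal."""
    flagged = []
    for sid, seen_from in events:
        owner = store.get(sid)
        if owner is None:
            continue
        if seen_from != owner:
            flagged.append((sid, owner, seen_from))
    return flagged


def demo() -> dict:
    """Run the checks over a constructed request log and return the findings."""
    store: dict[str, Client] = {}
    alice = Client("10.0.0.5", "Mozilla/5.0 (X11; Linux x86_64)")
    sid = issue_session(store, alice)
    # constructed log: two legitimate uses, then the same ID replayed from
    # another address and browser, then an ID that was never issued
    events = [
        (sid, alice),
        (sid, alice),
        (sid, Client("192.0.2.77", "Mozilla/5.0 (Windows NT 6.1)")),
        ("0000000042", alice),
    ]
    flagged = find_hijack_candidates(store, events)
    return {
        "cookie_has_secure": "; Secure;" in session_cookie(sid),
        "token_len_ok": len(sid) >= 43,  # 32 bytes -> 43 url-safe base64 chars
        "flagged": len(flagged),
        "flagged_from": flagged[0][2].ip if flagged else None,
        "sequential_is_predictable": looks_predictable(["1001", "1002", "1003"]),
        "random_is_predictable": looks_predictable(
            [issue_session({}, alice) for _ in range(3)]
        ),
    }


if __name__ == "__main__":
    print(demo())
```

The client-mismatch check is a heuristic, not proof: legitimate users change IP when roaming between networks, so in practice it is a signal to re-authenticate or alert on rather than to block outright.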
