GK
Uploaded byGayatri Kapse
PPTX, PDF3,482 views

Session hijacking

Session hijacking involves taking control of an authorized user's session by obtaining their session ID. There are several methods, including TCP session hijacking, which can be done through blind hijacking or man-in-the-middle attacks. TCP session hijacking with packet blocking modifies the route table or ARP table to intercept packets. Tools like Hunt can hijack sessions through ARP attacks. Prevention methods include encryption, as used in SSH and TLS, and storm watching to detect abnormal network traffic increases that could indicate hijacking.

Embed presentation

Downloaded 183 times
SESSION HIJACKING PRESENTED BY: MISS. GAYATRI V. KAPSE
Contents:  Introduction to session hijacking  TCP session hijacking  TCP session hijacking with packet blocking  Session hijacking tools  UDP hijacking  Prevention
What is session? • A lasting connection between a user and a server usually involving the exchange of many requests 5. Validate Session CLIENT SERVER SESSIO N DATA 1. Request connection 2.Create session 3. Session id 4. Session id passed 6. Retrieve Session id 7. Successful response
Session Hijacking  Session Hijacking is the act of taking control of a user session after successfully obtaining of an authenticate session Id.  Session hijacking involves an attack using captured session id to grab control of legitimate users web application session while that application still in progress.  Session hijacking takes place at
TCP SESSION HIJACKING  Hacker takes control of a TCP session between two hosts.  It can be hijacked after hosts have authenticated successfully.  The authentication process followed by TCP is defined as a three-way handshake method.
Three way handshake
Categories of TCP Session Hijacking  Based on the anticipation of sequence numbers there are two types of TCP hijacking: ◦ Blind Hijacking ◦ Man-in-the-middle (MITM) attack
Man-in-the-middle (MITM) A hacker can also be "inline" between B and C using a sniffing program to watch the sequence numbers and acknowledge numbers in the IP packets transmitted between B and C. And then hijack the connection. This is known as a "man-in-the-middle attack".
Continuous ACK transfer  Losing the ACK packet  Ending connection  Resynchronizing client and server
ACK attack
ACK attack without DoS
ACK loop
TCP session hijacking with packet blocking
Methods of TCP session hijacking with packet blocking  Route Table Modification Route table can be seen by netstat – nra command at console prompt in Windows or Linux/ Unix O.S There are two entries in Linux route table 1. Way to all the node within the LAN 2. Way to all the addresses not on the LAN
Linux route table
Sections of route table  The active route  The active connection
Route table in action
Active connection section  Network addresses of computers that are connected to host computer can be seen by netstat –F (or netstat –n) on Linux box and active connection section on window box.
Route table modification attack
ARP(Address Resolution Protocol) attack  ARP table on computer stores the IP address and corresponding MAC address  ARP table can be seen by arp –a command at console prompt.
ARP request
01:23:a1:b2:ff:09 Has 192.168.0.78 192.168.0.102 HACK Who has 192.16.0.78 01:b5:44:8e:01:d 7 Has 192.168.0.78 Capturing the ARP broadcast response
Session hijacking tools Hunt • It performs sniffing and session hijacking • Hunt tool provides following menu option 1. Listing 2. Watching 3. Resetting connections • It hijack a session through ARP attack • Allows hacker to synchronize connection among host and server during session hijacking.
UDP Hijacking  It does not have error recovery features  More vulnerable to hijacking  Vitim is local computer not server
Prevention  Encryption  Storm watching
Encryption method in SSH and TLS
Storm watching  Refers to watch for abnormal increases in network traffic and alert the security officer when they occur.  Two packets with the same header information but different sizes could be evidence of hijacking.
SUMMERY  Hijacking is the process of taking the authority of the authorized person and inject itself in network as legitimate user.  Hijacking can be done in TCP session hijacking, packet blocking, UDP hijacking.  Hunt is session hijacking tool.  For prevention from hijacking SSH and TLS protocols are used.
QUESTIONS  Explain how session hijacking is achieved?  Explain TCP session hijacking with packet blocking?  Explain following terms: i) Hunt ii) Storm watching
THANK YOU!!!

More Related Content

PPTX
Denial of service
bygarishma bhatia
 
PPTX
Session Hijacking
byn|u - The Open Security Community
 
PPTX
Session Hijacking ppt
byHarsh Kevadia
 
PPTX
TOR NETWORK
byRishikese MR
 
PPT
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
PPT
DDoS Attacks
byJignesh Patel
 
PPTX
Ethical hacking - Footprinting.pptx
byNargis Parveen
 
PPTX
Kali linux and hacking
byAbdullahDanish8
 
Denial of service
bygarishma bhatia
 
Session Hijacking
byn|u - The Open Security Community
 
Session Hijacking ppt
byHarsh Kevadia
 
TOR NETWORK
byRishikese MR
 
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
DDoS Attacks
byJignesh Patel
 
Ethical hacking - Footprinting.pptx
byNargis Parveen
 
Kali linux and hacking
byAbdullahDanish8
 

What's hot

PPT
DDoS Attack PPT by Nitin Bisht
byNitin Bisht
 
PDF
CS6004 Cyber Forensics
byKathirvel Ayyaswamy
 
PPT
Information security and Attacks
bySachin Darekar
 
PPTX
RSA ALGORITHM
bySathish Kumar
 
PPT
Intruders and Viruses in Network Security NS9
bykoolkampus
 
PPT
Ethical hacking
byAltacit Global
 
PPT
Information Security & Cryptography
byArun ACE
 
PPTX
Intrusion detection and prevention system
byNikhil Raj
 
PPTX
Finalppt metasploit
bydevilback
 
PDF
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
PDF
Wired and Wireless Network Forensics
bySavvius, Inc
 
PDF
Block Ciphers and the Data Encryption Standard
byDr.Florence Dayana
 
PPT
Module 6 Session Hijacking
byleminhvuong
 
PPTX
Packet sniffing
byShyama Bhuvanendran
 
PPT
Ipspoofing
byAkhil Kumar
 
PPT
DES (Data Encryption Standard) pressentation
bysarhadisoftengg
 
PPTX
Intrusion detection system
byAparna Bhadran
 
PPTX
DDoS ATTACKS
byAnil Antony
 
PPTX
Network attacks
byManjushree Mashal
 
PPTX
Sql injection in cybersecurity
bySanad Bhowmik
 
DDoS Attack PPT by Nitin Bisht
byNitin Bisht
 
CS6004 Cyber Forensics
byKathirvel Ayyaswamy
 
Information security and Attacks
bySachin Darekar
 
RSA ALGORITHM
bySathish Kumar
 
Intruders and Viruses in Network Security NS9
bykoolkampus
 
Ethical hacking
byAltacit Global
 
Information Security & Cryptography
byArun ACE
 
Intrusion detection and prevention system
byNikhil Raj
 
Finalppt metasploit
bydevilback
 
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
Wired and Wireless Network Forensics
bySavvius, Inc
 
Block Ciphers and the Data Encryption Standard
byDr.Florence Dayana
 
Module 6 Session Hijacking
byleminhvuong
 
Packet sniffing
byShyama Bhuvanendran
 
Ipspoofing
byAkhil Kumar
 
DES (Data Encryption Standard) pressentation
bysarhadisoftengg
 
Intrusion detection system
byAparna Bhadran
 
DDoS ATTACKS
byAnil Antony
 
Network attacks
byManjushree Mashal
 
Sql injection in cybersecurity
bySanad Bhowmik
 

Similar to Session hijacking

PPT
chapter5sfawefafsfsfasfafafsafsafasfasfafafasfaf.ppt
byVerdiFerdiansyah1
 
PPTX
sessionhijacking-130928105302-phpapp02.pptx
bykotapallysritej
 
PDF
what is transport layer what are the typical attacks in transport l.pdf
bybrijeshagarwa329898l
 
PDF
difference and types in sessionhijacking.pdf
byjayaprasanna10
 
PDF
sessionhijacking-130928105302-phpapp02.pdf
byAyuRosyidazain1
 
PPTX
Brute force Attacks and Session Hijacking
byRajesh Madathil
 
PPTX
Keshav tiwari 20803001_TCP Session Hijacking.pptx
byकेशव तिवारी
 
PPTX
Session hijacking
byVishal Punjabi
 
PPTX
Internet security
bygOhElprashanT
 
PPTX
Internet security
bygohel
 
PDF
Module 10 (session hijacking)
byWail Hassan
 
PPT
Ethical Hacking : Why Do Hackers Attack And How ?
byHBServices7
 
PPT
hacking lecture 3c.ppt
bypeter722626
 
PPTX
A survey on Session Hijacking
bySeyyedAliAyati
 
PDF
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
byIOSR Journals
 
PPTX
Attacks and their mitigations
byMukesh Chaudhari
 
PPTX
UNIT 5 (2).pptx
byjanani603976
 
PDF
Session hijacking
bymamatnamaku
 
PPT
6005679.ppt
byAlmaOraevi
 
PPT
CS10NETWOKSecurityhdhgsfdhsdheahgqergd.ppt
bymohammednisath
 
chapter5sfawefafsfsfasfafafsafsafasfasfafafasfaf.ppt
byVerdiFerdiansyah1
 
sessionhijacking-130928105302-phpapp02.pptx
bykotapallysritej
 
what is transport layer what are the typical attacks in transport l.pdf
bybrijeshagarwa329898l
 
difference and types in sessionhijacking.pdf
byjayaprasanna10
 
sessionhijacking-130928105302-phpapp02.pdf
byAyuRosyidazain1
 
Brute force Attacks and Session Hijacking
byRajesh Madathil
 
Keshav tiwari 20803001_TCP Session Hijacking.pptx
byकेशव तिवारी
 
Session hijacking
byVishal Punjabi
 
Internet security
bygOhElprashanT
 
Internet security
bygohel
 
Module 10 (session hijacking)
byWail Hassan
 
Ethical Hacking : Why Do Hackers Attack And How ?
byHBServices7
 
hacking lecture 3c.ppt
bypeter722626
 
A survey on Session Hijacking
bySeyyedAliAyati
 
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
byIOSR Journals
 
Attacks and their mitigations
byMukesh Chaudhari
 
UNIT 5 (2).pptx
byjanani603976
 
Session hijacking
bymamatnamaku
 
6005679.ppt
byAlmaOraevi
 
CS10NETWOKSecurityhdhgsfdhsdheahgqergd.ppt
bymohammednisath
 

Session hijacking

  • 1.
  • 2.
    Contents:  Introduction tosession hijacking  TCP session hijacking  TCP session hijacking with packet blocking  Session hijacking tools  UDP hijacking  Prevention
  • 3.
    What is session? •A lasting connection between a user and a server usually involving the exchange of many requests 5. Validate Session CLIENT SERVER SESSIO N DATA 1. Request connection 2.Create session 3. Session id 4. Session id passed 6. Retrieve Session id 7. Successful response
  • 4.
    Session Hijacking  SessionHijacking is the act of taking control of a user session after successfully obtaining of an authenticate session Id.  Session hijacking involves an attack using captured session id to grab control of legitimate users web application session while that application still in progress.  Session hijacking takes place at
  • 5.
    TCP SESSION HIJACKING Hacker takes control of a TCP session between two hosts.  It can be hijacked after hosts have authenticated successfully.  The authentication process followed by TCP is defined as a three-way handshake method.
  • 6.
  • 7.
    Categories of TCPSession Hijacking  Based on the anticipation of sequence numbers there are two types of TCP hijacking: ◦ Blind Hijacking ◦ Man-in-the-middle (MITM) attack
  • 8.
    Man-in-the-middle (MITM) A hackercan also be "inline" between B and C using a sniffing program to watch the sequence numbers and acknowledge numbers in the IP packets transmitted between B and C. And then hijack the connection. This is known as a "man-in-the-middle attack".
  • 9.
    Continuous ACK transfer Losing the ACK packet  Ending connection  Resynchronizing client and server
  • 10.
  • 11.
  • 12.
  • 13.
    TCP session hijackingwith packet blocking
  • 14.
    Methods of TCPsession hijacking with packet blocking  Route Table Modification Route table can be seen by netstat – nra command at console prompt in Windows or Linux/ Unix O.S There are two entries in Linux route table 1. Way to all the node within the LAN 2. Way to all the addresses not on the LAN
  • 15.
  • 16.
    Sections of routetable  The active route  The active connection
  • 17.
  • 18.
    Active connection section Network addresses of computers that are connected to host computer can be seen by netstat –F (or netstat –n) on Linux box and active connection section on window box.
  • 19.
  • 20.
    ARP(Address Resolution Protocol) attack ARP table on computer stores the IP address and corresponding MAC address  ARP table can be seen by arp –a command at console prompt.
  • 21.
  • 22.
  • 23.
    Session hijacking tools Hunt •It performs sniffing and session hijacking • Hunt tool provides following menu option 1. Listing 2. Watching 3. Resetting connections • It hijack a session through ARP attack • Allows hacker to synchronize connection among host and server during session hijacking.
  • 24.
    UDP Hijacking  Itdoes not have error recovery features  More vulnerable to hijacking  Vitim is local computer not server
  • 25.
  • 26.
  • 27.
    Storm watching  Refersto watch for abnormal increases in network traffic and alert the security officer when they occur.  Two packets with the same header information but different sizes could be evidence of hijacking.
  • 28.
    SUMMERY  Hijacking isthe process of taking the authority of the authorized person and inject itself in network as legitimate user.  Hijacking can be done in TCP session hijacking, packet blocking, UDP hijacking.  Hunt is session hijacking tool.  For prevention from hijacking SSH and TLS protocols are used.
  • 29.
    QUESTIONS  Explain howsession hijacking is achieved?  Explain TCP session hijacking with packet blocking?  Explain following terms: i) Hunt ii) Storm watching
  • 30.