Session Hijacking

Session Hijacking

Session Hijacking is a serious risk issue today which is exploited in many different ways and it is really important to understand on how important it can be in this modern cyber days.

What is Session Hijacking? 

In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In general an attacker will be able to step in and impersonate the victim. Once attacker get hold of an active session he will have a full control for the application or site or a device and he can do what a victim can do. For example if an attacker hijacks session id of a site login he can perform all transaction what Victim can do. The impact of this risk varies from an identity theft to loss of money and there are different types, ways some session hijacking.

Types of Session Hijacking - 

  • Application Hijacking, Which can be done by multiple ways, Below are the common ones and i will be talking in detail in next articles. 
    • Session ID sniffing
    • Session Fixation
    • Session Donation
    • Session ID brute force.
  • Network Level, 
    • Blind Hijacking 
    • Session Sniffing
    • IP Spoofing

How do they attack?

The session token could be compromised in different ways; the most common are:

  • Man in the middle (Public wifi, DNS spoofing, IP spoofing .......)
  • Man in the Browser (Malware, Bad Plugins or Add-ons .......)
  • Client-side attacks (XSS, malicious JavaScript Codes, Trojans, etc);
  • Brute Forcing 
  • Cross site scripting 
  • Session id leakage

How important and serious this risk is?

It's on Number 2 in OWASP Top 10, as i stated earlier the impact of this risk varies from an identity theft to loss of money. 

Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities. (A2-Broken Authentication and Session Management)

OWASP Link for latest updates, 

https://www.owasp.org/index.php/Session_hijacking_attack

https://www.owasp.org/index.php/Top_10_2013-Top_10

Leave a comment