
What is session hijacking and how to prevent it.

What is session hijacking

Session hijacking is a web attack in which an attacker takes over a user's active, authenticated session. Because the attack depends on knowing the victim's session cookie, it is also called cookie hijacking or cookie side-jacking. Any kind of computer session can in principle be hijacked, but the term most commonly refers to browser sessions with web applications.

When you log in to a web application, the server typically sets a temporary session cookie in your browser so that it can recognise your later requests as coming from a logged-in, authenticated user. The cookie carries a session ID, and on every request the server looks that ID up to decide who you are.

To hijack a session, the attacker needs your session ID. They can obtain it by stealing the session cookie, or by persuading you to click a malicious link (one that runs script in your browser, or one that fixes the session ID to a value the attacker already knows). In both cases the attacker then sends requests carrying that session ID from their own browser, and the server, which identifies the user by the ID alone, treats the attacker's requests as part of the original, valid session.


What are the main methods of session hijacking?

Attackers can hijack a session in many different ways:
  • Cross-site scripting (XSS): OWASP lists cross-site scripting among the top ten web application security risks, and it is the most dangerous route to session hijacking. A server vulnerable to XSS lets an attacker inject client-side script (usually JavaScript) into pages it serves to other users. The attacker sends the victim a link carrying such a script; when the victim opens it, the script runs in their browser in the context of the site, reads the session cookie (unless the cookie is marked HttpOnly) and sends it to the attacker, who then uses it to hijack the session.
  • Session side-jacking: here the attacker monitors the network. Using packet sniffing, they watch the victim's traffic and intercept the session cookie after the user has authenticated to the server. If the website only uses SSL/TLS for the login page and not for the rest of the session, the cookie travels in cleartext on every later request, and the sniffed session ID lets the attacker impersonate the user and perform actions in the targeted web application. Because the attacker needs access to the victim's network, typical scenarios involve unsecured Wi-Fi hotspots, where the attacker can either passively monitor a public network or set up a rogue access point and perform a man-in-the-middle attack.

  • Cookie theft by malware or direct access: malware installed on the victim's computer can harvest session cookies automatically (automated session sniffing). Another route is direct access to the cookie file in the browser's local storage (often called the cookie jar), which any attacker with local or remote access to the system can read.


How Can You Prevent Session Hijacking?

  • Use HTTPS so that all session traffic, not just the login page, is protected by SSL/TLS end to end between the browser and the web server. An attacker monitoring the victim's traffic then never sees the session ID in plaintext. A site that drops back to plain HTTP after login hands a sniffer the cookie on the very next request, so preferably enable HSTS (HTTP Strict Transport Security) so the browser refuses unencrypted connections, and mark the session cookie Secure so the browser never sends it over plain HTTP.
  • Perform additional identity verification beyond the session key. This means checking not just the cookie but also other signals, such as the user's usual IP address or application usage patterns, and asking the user to re-authenticate when they change. The downside is that false alarms (roaming mobile users, shared proxies) can be inconvenient or annoying for legitimate users. A common additional safeguard is an inactivity timeout that closes the session after a set idle period.
  • Regenerate the session ID after the user authenticates and invalidate the old one, so that an ID the attacker captured or planted before login is useless afterwards.
  • Log the user out automatically when the session ends or times out, and require them to re-authenticate, which issues a new session ID instead of reviving the old one.
