
What is session hijacking and how to prevent it.

What is session hijacking

Session hijacking is a type of web attack in which an attacker takes over a user's active, authenticated session. Because the attack relies on obtaining the victim's session cookie, it is also called cookie hijacking or cookie side-jacking. Although any computer session could in principle be hijacked, the term most commonly refers to browser sessions with web applications.

In most cases, when you log in to a web application, the server sets a temporary session cookie in your browser so that it can recognise you as logged in and authenticated on subsequent requests without asking for your password again.

To hijack a session, the attacker needs to know your session ID. They can obtain it by stealing the session cookie, or by persuading you to click a crafted link that plants an ID of the attacker's choosing in your browser (session fixation). Either way, the attacker then presents the same session ID from their own browser, and the server, which has nothing but that ID to go on, treats the attacker's requests as part of your legitimate session.


What are the main methods of session hijacking?

Attackers can hijack a session in several different ways:
  • Cross-site scripting (XSS): OWASP lists cross-site scripting among the top ten web application security risks, and it is one of the most dangerous routes to session hijacking. A server vulnerable to XSS lets the attacker inject client-side script (usually JavaScript) into pages served to other users. An attacker can, for example, send the victim a link carrying a script payload; when the victim opens it, the script runs in their browser with full access to the page, reads the session cookie (via document.cookie, unless the cookie is marked HttpOnly) and sends it to the attacker, who then uses it to hijack the session.
  • Session side-jacking: Here the attacker monitors the network. Using packet sniffing, the attacker watches the victim's traffic and captures the session cookie after the user has authenticated to the server. If the website only uses SSL/TLS for the login page and not for the rest of the session, the attacker can use the sniffed session ID to hijack the session and impersonate the user in the targeted web application. Because the attacker needs access to the victim's network traffic, typical scenarios involve unsecured Wi-Fi hotspots, where the attacker can either monitor a public network or set up their own access point and perform man-in-the-middle attacks.

  • Cookie theft by malware or direct access: Another way to get the cookie is to install malware on the victim's computer that performs automated session sniffing or reads the browser's cookie store. An attacker with local or remote access to the system can also read the cookie file directly from the browser's local storage (often called the cookie jar).
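The side-jacking scenario above, as an added example that is not part of the original post: a small Python parser that does what a sniffer on an open hotspot does with a captured request. It extracts the session cookie from a plaintext HTTP request, shows that the same parser gets nothing from the TLS record that carries an HTTPS request, and builds the request the attacker's own client would send to ride the session. The HTTP request, the hostname shop.example, the cookie value and the TLS record bytes are all constructed for this example, not real captures.

```python
# Constructed samples for this example (not real captures). The first is what a
# sniffer on a shared Wi-Fi network sees when the victim's browser sends a
# request over plain HTTP after logging in: every header, including the
# session cookie, is readable. The second is a TLS application-data record
# carrying the same request over HTTPS: only ciphertext is visible.
SNIFFED_HTTP_REQUEST = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Cookie: theme=dark; PHPSESSID=9c1f3a7e0b4d2f8a6e5c; lang=en\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)
SNIFFED_TLS_RECORD = b"\x17\x03\x03\x00\x40" + bytes(range(0x40))  # opaque ciphertext

# Cookie names that well-known frameworks use for the session ID; these are
# what a side-jacking tool looks for first.
SESSION_COOKIE_NAMES = {
    "PHPSESSID", "JSESSIONID", "ASP.NET_SessionId", "SESSIONID",
    "connect.sid", "session", "sessionid",
}

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"DELETE ", b"HEAD ", b"OPTIONS ")


def parse_http_request(raw: bytes):
    """Return (host, path, cookies) for a plaintext HTTP request, or None if
    the bytes are not a readable HTTP request (for example a TLS record)."""
    if not raw.startswith(HTTP_METHODS):
        return None
    head = raw.split(b"\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split(b"\r\n")
    parts = request_line.split(b" ")
    path = parts[1].decode("latin-1") if len(parts) >= 2 else "/"
    host = ""
    cookies = {}
    for line in header_lines:
        name, sep, value = line.partition(b":")
        if not sep:
            continue
        name = name.strip().lower()
        if name == b"host":
            host = value.strip().decode("latin-1")
        elif name == b"cookie":
            # Cookie header: name=value pairs separated by "; "
            for pair in value.split(b";"):
                k, _, v = pair.strip().partition(b"=")
                if k:
                    cookies[k.decode("latin-1")] = v.decode("latin-1")
    return host, path, cookies


def sniff_session_ids(raw: bytes) -> dict:
    """Extract the likely session cookie(s) from one sniffed request.
    Returns {} when nothing is readable, which is what HTTPS buys you."""
    parsed = parse_http_request(raw)
    if parsed is None:
        return {}
    _, _, cookies = parsed
    return {k: v for k, v in cookies.items() if k in SESSION_COOKIE_NAMES}


def build_replay_request(raw: bytes, session_cookies: dict) -> bytes:
    """Build the request the attacker's own client sends to ride the victim's
    session: the same Host and path, and only the stolen session cookie. The
    server sees nothing that distinguishes this from the victim's request."""
    host, path, _ = parse_http_request(raw)
    cookie_header = "; ".join(f"{k}={v}" for k, v in session_cookies.items())
    return (
        f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
        f"Cookie: {cookie_header}\r\n\r\n"
    ).encode("latin-1")


if __name__ == "__main__":
    stolen = sniff_session_ids(SNIFFED_HTTP_REQUEST)
    print("from plain HTTP:", stolen)
    print("from HTTPS     :", sniff_session_ids(SNIFFED_TLS_RECORD))
    print(build_replay_request(SNIFFED_HTTP_REQUEST, stolen).decode())
```

The point of the two samples is the contrast: the parser recovers PHPSESSID from the plaintext request in one pass and recovers nothing from the TLS record, which is exactly why the prevention list below starts with HTTPS for the whole session rather than just the login page.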


How Can You Prevent Session Hijacking?

  • Use HTTPS for all session traffic, not just the login page, so that the session ID is never sent in plaintext even if the attacker is monitoring the victim's traffic. Preferably deploy HSTS (HTTP Strict Transport Security) so that browsers refuse to connect to the site over plain HTTP at all.
  • Set the right attributes on the session cookie: Secure, so the browser never sends it over an unencrypted connection; HttpOnly, so script injected through XSS cannot read it from document.cookie; and SameSite, so it is not attached to most cross-site requests.
  • Perform additional verification beyond the session ID. This means not relying on the cookie alone but also checking, for example, that requests come from the user's usual IP address or match their normal usage patterns. The downside of this approach is that false alarms (a mobile user's address changing, for instance) are inconvenient or annoying for legitimate users. A common additional safeguard is an inactivity timeout that closes the session after a set idle period.
  • Regenerate the session ID after successful authentication (and on any change of privilege). An ID the attacker sniffed or planted before login is then worthless, which also defeats session fixation.
  • Log the user out automatically when the session ends, whether by explicit logout, idle timeout or an absolute lifetime limit; invalidate the session ID on the server, not just in the browser, and require the client to re-authenticate and receive a fresh session ID.
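Putting the prevention list into code, as an added example that is not the blog's own code: a minimal server-side session manager in Python that generates unguessable IDs, rotates the ID at login, enforces idle and absolute timeouts, binds the session to the client address, and emits the Set-Cookie line with the Secure, HttpOnly and SameSite attributes. The in-memory store, the cookie name SESSIONID, the timeout values and the client addresses are assumptions for this example; the IP-binding check is the one with the false-alarm downside noted above, so treat it as optional.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT = 15 * 60          # seconds without a request before the session is closed
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # hard cap on session lifetime, regardless of activity
COOKIE_NAME = "SESSIONID"       # hypothetical cookie name for this example


@dataclass
class Session:
    user: Optional[str]   # None until the user has logged in
    created: float
    last_seen: float
    client_ip: str        # address the session was issued to (see caveat in resolve)


class SessionManager:
    """Server-side session store (in memory here; a real deployment would use a
    shared store such as a database or Redis). The cookie carries only the
    random ID; all state lives on the server, so the client cannot forge it."""

    def __init__(self, now=time.time):
        self._now = now  # injectable clock so the timeouts can be tested
        self._sessions: dict[str, Session] = {}

    @staticmethod
    def _new_id() -> str:
        # 32 bytes (256 bits) from the OS CSPRNG: infeasible to guess or
        # enumerate, unlike sequential, timestamp-based or user-derived IDs.
        return secrets.token_urlsafe(32)

    def start(self, client_ip: str) -> str:
        """Create an anonymous (pre-login) session and return its ID."""
        sid = self._new_id()
        now = self._now()
        self._sessions[sid] = Session(None, now, now, client_ip)
        return sid

    def login(self, old_sid: Optional[str], user: str, client_ip: str) -> str:
        """Authenticate the user and ROTATE the session ID. The pre-login ID is
        revoked, so an ID the attacker sniffed or planted (session fixation)
        before login is worthless afterwards."""
        if old_sid is not None:
            self._sessions.pop(old_sid, None)
        new_sid = self._new_id()
        now = self._now()
        self._sessions[new_sid] = Session(user, now, now, client_ip)
        return new_sid

    def resolve(self, sid: Optional[str], client_ip: str) -> Optional[Session]:
        """Look up the session for an incoming request. Returns None (revoking
        the session where appropriate) if the cookie is missing or unknown, the
        session has timed out, or it arrives from a different client address."""
        if sid is None:
            return None
        session = self._sessions.get(sid)
        if session is None:
            return None
        now = self._now()
        if now - session.last_seen > IDLE_TIMEOUT or now - session.created > ABSOLUTE_TIMEOUT:
            self.logout(sid)
            return None
        if session.client_ip != client_ip:
            # IP binding: cheap extra check, but the one that causes false
            # alarms (mobile users, NAT, VPNs); drop it if that is a problem.
            self.logout(sid)
            return None
        session.last_seen = now  # sliding idle window
        return session

    def logout(self, sid: str) -> None:
        """Invalidate on the server; the client must log in again for a new ID."""
        self._sessions.pop(sid, None)


def set_cookie_header(sid: str) -> str:
    """Set-Cookie line for the session ID. Secure: never sent over plain HTTP
    (defeats side-jacking). HttpOnly: unreadable from document.cookie (defeats
    cookie theft via XSS). SameSite=Lax: not sent on most cross-site requests."""
    return f"Set-Cookie: {COOKIE_NAME}={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def clear_cookie_header() -> str:
    """Set-Cookie line that tells the browser to drop the cookie on logout."""
    return f"Set-Cookie: {COOKIE_NAME}=; Path=/; Max-Age=0; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    mgr = SessionManager()
    anon = mgr.start("192.0.2.10")  # constructed client address
    sid = mgr.login(anon, "alice", "192.0.2.10")
    print(set_cookie_header(sid))
    print("pre-login ID still valid?", mgr.resolve(anon, "192.0.2.10") is not None)
    print("post-login ID valid?", mgr.resolve(sid, "192.0.2.10") is not None)
```

Wire resolve() into whatever framework handles the request, passing the cookie value and the client address, and call logout() plus clear_cookie_header() on explicit logout. Note that clearing the cookie in the browser alone is not enough: a sniffed or stolen ID stays usable until the server forgets it, which is why logout() removes the entry from the store.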
