When a user authenticates to a web server, the server keeps track of that logged-in session with an HTTP cookie, which is stored in the user's browser. Whoever presents that cookie is treated as the user. Session Hijacking is an attack in which an attacker obtains or controls a user's valid session identifier and uses it to get unauthorized access to the web application as that user.
There are a couple of methods by which Session Hijacking is performed :
Session Fixation : In this attack, the attacker sets the victim's session id to one already known to him, before the victim logs in. When the victim then authenticates, the server keeps using the attacker-chosen id, so the attacker can impersonate the victim.
It normally follows these steps :
- The attacker uses social engineering and sends the victim a link that carries the predefined session id (for example in a URL parameter, or planted in a cookie).
- The victim follows the link and gets a login screen. When he logs in, the server keeps the session id the victim arrived with, because the application accepts session ids it did not issue itself and does not issue a new one after authentication.
- That session id is known to the attacker, so the attacker now presents it to the server and is treated as the logged-in victim.
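The fixation steps above, as an added example that is not from the original post or from any particular web framework: a minimal in-memory session store with a fixation-prone login next to the hardened version that discards the pre-login id and issues a fresh one after authentication (which is also the "regenerate the session id on login" countermeasure). The session id ATTACKER_SID_0001, the store class, the function names and the user names are all constructed for the example.

```python
import secrets

# Added example, not the original post's code. Session table maps a session id
# to a username; None means the session exists but nobody is logged in yet.


class SessionStore:
    def __init__(self):
        self.sessions = {}

    def new_session_id(self):
        # 32 random bytes (256 bits) from the OS CSPRNG, base64url-encoded.
        # Never derive ids from time, counters or user data.
        return secrets.token_urlsafe(32)

    def user_for(self, sid):
        return self.sessions.get(sid)


def login_vulnerable(store, client_sid, username, password_ok):
    """Fixation-prone login: whatever session id the client presented (e.g. one
    planted via a link like https://example.test/login?sessionid=ATTACKER_SID_0001,
    a constructed URL) is adopted and simply upgraded to an authenticated session."""
    if not password_ok:
        return None
    sid = client_sid or store.new_session_id()  # trusts a client-supplied id ...
    store.sessions[sid] = username              # ... and binds the user to it
    return sid


def login_safe(store, client_sid, username, password_ok):
    """Hardened login: the pre-login session id, attacker-chosen or not, is
    invalidated and a fresh server-generated id is issued only after the
    password check succeeds."""
    if not password_ok:
        return None
    if client_sid in store.sessions:
        del store.sessions[client_sid]          # old id stops working immediately
    sid = store.new_session_id()                # never reuse a client-presented id
    store.sessions[sid] = username
    return sid


def fixation_attack(login):
    """Replay the three steps from the text against a login function and return
    whom the attacker's pre-chosen id is logged in as (None means the attack failed)."""
    store = SessionStore()
    # Step 1: attacker picks a session id and plants it in a link (constructed value).
    attacker_sid = "ATTACKER_SID_0001"
    # Step 2: victim follows the link; the server has an anonymous session under that
    # id, and the victim logs in while carrying it.
    store.sessions.setdefault(attacker_sid, None)
    login(store, attacker_sid, "victim", password_ok=True)
    # Step 3: attacker presents the same id to the server.
    return store.user_for(attacker_sid)


if __name__ == "__main__":
    print("vulnerable login, attacker id resolves to:", fixation_attack(login_vulnerable))
    print("safe login, attacker id resolves to:", fixation_attack(login_safe))
```

The vulnerable variant is exactly what happens in frameworks that accept any session id presented to them (PHP with session.use_strict_mode disabled behaves this way); the safe variant is what "regenerate the session id on login" means in code.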
Session Sidejacking : In this attack, the attacker sniffs the network traffic between the victim's machine and the server and reads the session cookie out of it. It works when the cookie travels over plain HTTP, for example on an open Wi-Fi network, or when a site uses HTTPS only for the login page and falls back to HTTP afterwards.
It normally follows these steps :
- The victim logs in to the server and starts communicating.
- The attacker, positioned on the same network path, uses a packet sniffer and reads the traffic between them.
- The attacker picks the session cookie out of the captured requests (every request carries it in the Cookie header).
- The attacker sends his own requests with the same cookie and is treated by the server as the victim. No username or password is needed; the cookie is the proof of identity.
Cross-Site Scripting : In this attack, the attacker gets client-side script of his choosing to run in web pages viewed by the victim, and uses it for malicious activities such as stealing sensitive information. If that script can read the session cookie, it can send it to the attacker.
It normally follows these steps :
- The attacker finds a place where the application reflects or stores user input without proper escaping, and writes a script that reads the session cookie from the page (through document.cookie) and sends it to a server the attacker controls.
- The attacker uses some social engineering and sends the link carrying the script to the victim.
- The victim, already logged in to the server, clicks on the link.
- The script runs in the victim's browser with the same access to the page and its cookies as the application itself, and the session information placed in the cookie is transferred to the attacker.
- The attacker now uses the stolen session cookie to impersonate the victim.
Using Malware : Here, the attacker infects the victim's computer with malware and then steals the session cookie from the browser.
Just to give an example :
- The victim installs software from an untrusted source.
- The victim's computer is infected with a browser hijacker.
- The malware changes the security settings of the victim's browser, or simply reads the browser's cookie store directly.
- When the victim logs in to the server, the malware steals the session cookie and transfers it to the attacker.
- The attacker can now use that cookie to impersonate the victim. None of the server-side or cookie-level countermeasures below help here: malware running on the endpoint has the same access to the cookie as the browser itself.
Countermeasures for Session Hijacking
We can take a number of steps to prevent Session Hijacking.
- Web applications should use SSL/TLS for the whole site, not only the login page, and set the Secure attribute on the session cookie so the browser never sends it over plain HTTP. This encrypts the traffic and takes the session cookie out of reach of a packet sniffer.
- The session cookie should also carry the HttpOnly attribute, so that script running in the page (including injected script) cannot read it through document.cookie. This does not stop XSS itself, only this way of cashing it in.
- Web applications should use long, unpredictable session ids generated by a cryptographically secure random number generator (at least 128 bits of randomness), so that the attacker cannot guess or enumerate valid session ids.
- After a user authenticates, the server should issue a brand-new session id and invalidate the old one. This is the direct fix for session fixation: whatever id the attacker planted stops being valid the moment the victim logs in. The server should also refuse to adopt session ids it did not issue itself.
- Web applications can add secondary checks, such as comparing the client IP address or User-Agent with the one seen when the session was created. Treat these as a signal rather than a hard rule: legitimate users change IP addresses behind NAT, on mobile networks and through proxies, so a mismatch is better handled by asking the user to re-authenticate than by silently rejecting requests.
- Web applications can rotate the session cookie on every request. This shortens the window in which a stolen cookie is useful, at the cost of breaking concurrent requests from the same browser (two parallel requests carrying an id that has already been replaced), so it needs careful handling.
- Sessions should expire on their own after a period of inactivity and after an absolute maximum lifetime, and logging out should invalidate the session on the server, not just delete the cookie in the browser.
- And, users should always log out of web applications as soon as they are done using them, especially on shared computers and untrusted networks.
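The cookie-level countermeasures above, as an added check that is not code from the original post: a small audit that parses Set-Cookie headers the way a pentester sees them in captured responses and flags session cookies that lack Secure, HttpOnly or SameSite, or whose value looks guessable. The header lines, cookie names and the 64-bit threshold are constructed assumptions for the example; the entropy figure is a coarse per-character Shannon estimate that catches obviously sequential values such as 12345 but cannot prove that a value is random.

```python
import math
import re
from collections import Counter

# Added example, not the original post's code. The response headers below are
# constructed for the example, not captured from any real site.
WEAK_RESPONSE_HEADERS = [
    "Set-Cookie: PHPSESSID=12345; Path=/",
    "Set-Cookie: prefs=dark; Path=/",
]
HARDENED_RESPONSE_HEADERS = [
    "Set-Cookie: __Host-sid=m3Xq7ZtR1wBv9cKdL2hPsY6uN8fGjA0eQ4oTzVxWbH5; "
    "Path=/; Secure; HttpOnly; SameSite=Lax",
]

# Heuristic: cookie names that usually carry the session (assumption for this audit).
SESSION_COOKIE_NAMES = re.compile(r"sess|sid|token|auth", re.IGNORECASE)


def parse_set_cookie(header):
    """Split one 'Set-Cookie: name=value; Attr; Attr=v' line into
    (name, value, {attribute_lowercase: attribute_value})."""
    _, _, body = header.partition(":")
    parts = [p.strip() for p in body.split(";")]
    name, _, value = parts[0].partition("=")   # first '=' only; values may contain '='
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def shannon_bits(value):
    """Per-character Shannon entropy times length. A coarse screen only: it
    flags '12345' or 'user42' but cannot prove a long value is unpredictable."""
    if not value:
        return 0.0
    counts = Counter(value)
    n = len(value)
    per_char = -sum(c / n * math.log2(c / n) for c in counts.values())
    return per_char * n


def audit(headers, min_bits=64):
    """Return a list of findings for session-looking cookies in the given headers."""
    findings = []
    for header in headers:
        name, value, attrs = parse_set_cookie(header)
        if not SESSION_COOKIE_NAMES.search(name):
            continue  # preference cookies and the like are out of scope here
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure (sent over plain HTTP; sidejacking)")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly (readable via document.cookie; XSS theft)")
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"{name}: SameSite not Lax or Strict")
        bits = shannon_bits(value)
        if bits < min_bits:
            findings.append(f"{name}: value looks guessable (~{bits:.0f} bits estimated, want >= {min_bits})")
    return findings


if __name__ == "__main__":
    for label, headers in (("weak", WEAK_RESPONSE_HEADERS), ("hardened", HARDENED_RESPONSE_HEADERS)):
        print(label, "->", audit(headers) or ["no findings"])
```

Run it over the Set-Cookie lines from a proxy capture of the login response. The attribute checks are definitive; the entropy check is only a first screen, and a real assessment collects many session ids over time and compares them for sequential or time-derived patterns.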
So, this was a quick look at how session hijacking works and how to guard against it. Hope it helped you.