Module 11 - Session Hijacking

concepts

  • definition
  • why is session hijacking successful
    • Absence of account lockout for invalid session IDs
    • Weak session-ID generation algorithm or small session IDs
    • Insecure handling of session IDs
    • Indefinite session timeout
    • Most computers using TCP/Internet Protocol (IP) are vulnerable
    • Most countermeasures do not work without encryption
  • causes are
    • invalid session ID
    • session ID generation algorithm
    • insecure handling of session id
    • indefinite session timeout
  • session hijacking process
    • Tracking the connection (sniff and monitor)
    • session desynchronization
    • command injection
  • type of session hijacking (passive vs active)
  • session hijacking OSI levels (network vs application)
  • spoofing vs hijacking
  • application level hijacking
    • compromise session id
      • stealing
      • guessing
      • brute forcing
    • sniffing session token
    • predicting session token
    • compromise session token
      • man-in-the middle attack
      • client-side attack
        • XSS (Cross-Site Scripting)
        • Malicious javascript code
        • Trojans
      • CSRF (Cross-Site Request Forgery)
    • Session Fixation - fixes an established session on the victim’s browser, so the attack starts before the user logs in
      • Session set-up phase
      • Fixation phase
      • Entrance phase
    • session replay attack
    • hijacking using proxy servers
    • session donation attack - an attacker creates an account and sends an authenticated link to the victim. Next, the attacker convinces the victim to provide more information about their account, but in reality it is not their account but the attacker's account
  • network level hijacking
    • Blind hijacking - an attacker can inject malicious data or commands into intercepted communications in a TCP session, even if the victim disables source routing
    • UDP hijacking
    • TCP/IP hijacking (attacker predicts next sequence number)
    • RST hijacking
    • MITM: Packet sniffer
    • IP spoofing
  • prevention
    • HSTS (HTTP Strict Transport Security)
    • Token binding
    • HPKP (HTTP Public Key Pinning)
  • IPSec (Internet Protocol Security)
    • components
      • driver
      • IKE (Internet Key Exchange)
      • ISAKMP (Internet Security Association and Key Management Protocol)
      • Oakley
      • IPSec policy agent
    • modes
      • transport
      • tunnel
    • architecture
      • AH (Authentication Header)
      • ESP (Encapsulating Security Payload)
      • DOI (IPsec Domain of Interpretation)
      • ISAKMP (Internet Security Association and Key Management Protocol)
      • Policy
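Added example (not part of these notes or any tool listed here): a minimal server-side session store showing the application-level countermeasures the causes and prevention bullets point at, namely unpredictable session IDs, regenerating the ID at login (defeats session fixation), an idle timeout, and hardened cookie plus HSTS headers. The class and function names and the timeout value are assumptions chosen for the illustration.

```python
# Added example, not from the original notes: countermeasures for the listed
# causes (weak ID generation, indefinite timeout, session fixation, XSS/CSRF
# token theft). Names and the timeout value are illustrative assumptions.
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds; "indefinite session timeout" is a listed cause


class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock          # injectable clock for deterministic tests
        self._sessions = {}          # sid -> {"user": str | None, "last_seen": float}

    def create(self):
        """Anonymous (pre-login) session with a 128-bit CSPRNG-backed ID."""
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = {"user": None, "last_seen": self._clock()}
        return sid

    def get(self, sid):
        """Return session data, or None if unknown or idle-expired (expired IDs are purged)."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self._clock() - s["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]
            return None
        s["last_seen"] = self._clock()
        return s

    def login(self, sid, user):
        """Authenticate: discard the pre-login ID (an attacker may have fixed it in
        the victim's browser) and issue a fresh ID bound to the user."""
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(16)
        self._sessions[new_sid] = {"user": user, "last_seen": self._clock()}
        return new_sid


def session_headers(sid):
    """Response headers: cookie unreadable by script (XSS), sent only over TLS,
    not attached to cross-site requests (CSRF), plus HSTS against SSL stripping."""
    return {
        "Set-Cookie": f"sid={sid}; Secure; HttpOnly; SameSite=Strict; Path=/",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    }
```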

tools

  • burp suite
  • owasp zap
  • bettercap
  • mobile
    • faceniff
    • droidsheep
    • droidsniff