Session hijacking is the exploitation of a valid computer session: an attacker takes over a session between two computers. The attacker steals a valid session ID, uses it to get into the system, and sniffs the data. In TCP session hijacking, the attacker takes over a TCP session between two machines. Because most authentication happens only at the start of a TCP session, this lets the attacker gain access to a machine.
Objective
- Intercept and modify web traffic
- Simulate a Trojan, which modifies a workstation’s proxy server settings
Scenario
The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a cross-site scripting (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! webmail users. Such a flaw would let attackers send or read email from the victim's account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script executes and can access cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.
KrebsOnSecurity.com alerted Yahoo! to the vulnerability, and the company says it is responding to the issue. Ramses Martinez, director of security at Yahoo!, said the challenge now is working out the exact yahoo.com URL that triggers the exploit, which is difficult to discern from watching the video.
These types of vulnerabilities are a good reminder to be especially cautious about clicking links in emails from strangers or in messages that you were not expecting.
As an administrator you should implement security measures at the application level and the network level to protect your network from session hijacking. Network-level hijacks are prevented by packet encryption, which can be obtained with protocols such as IPsec, SSL and SSH. IPsec encrypts packets using keys shared between the two systems involved in the communication.
Application-level security is obtained by using strong session IDs. SSL, backed by SSL certificates, and SSH also provide strong encryption that helps prevent session hijacking.
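An added example, not part of the lab material, of the application-level measures just described: a server-side session store that issues cryptographically strong session IDs, rotates the ID after authentication, expires idle sessions, and sets the cookie so page scripts (the XSS case in the scenario) cannot read it and it travels only over encrypted connections. The `SessionStore` class, its field names and the TTL value are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_ID_BYTES = 32      # 256 bits of entropy: not guessable or enumerable
SESSION_TTL_SECONDS = 900  # assumed idle timeout; limits the life of a stolen ID


class SessionStore:
    """Server-side session table (constructed for this example, not a real framework)."""

    def __init__(self):
        self._sessions = {}  # session ID -> {"user": ..., "last_seen": ...}

    def create(self, user, now=None):
        # secrets (not random) yields an unpredictable, URL-safe ID of 43 characters.
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        self._sessions[sid] = {"user": user, "last_seen": time.time() if now is None else now}
        return sid

    def rotate(self, old_sid, now=None):
        """Issue a fresh ID after login; the pre-login ID stops working (anti-fixation)."""
        data = self._sessions.pop(old_sid, None)
        if data is None:
            return None
        new_sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        data["last_seen"] = time.time() if now is None else now
        self._sessions[new_sid] = data
        return new_sid

    def lookup(self, sid, now=None):
        """Return the user for a live session, or None if the ID is unknown or expired."""
        now = time.time() if now is None else now
        data = self._sessions.get(sid)
        if data is None:
            return None
        if now - data["last_seen"] > SESSION_TTL_SECONDS:
            del self._sessions[sid]  # expired: a late-arriving copy of the ID is useless
            return None
        data["last_seen"] = now
        return data["user"]


def session_cookie_header(sid):
    """HttpOnly keeps the ID away from page scripts, Secure keeps it off plaintext
    links, SameSite=Strict stops the browser attaching it to cross-site requests."""
    cookie = SimpleCookie()
    cookie["sessionid"] = sid
    cookie["sessionid"]["httponly"] = True
    cookie["sessionid"]["secure"] = True
    cookie["sessionid"]["samesite"] = "Strict"
    cookie["sessionid"]["path"] = "/"
    return cookie.output(header="Set-Cookie:")
```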
Session Hijacking Exercises
Ethical Hacking Exercises / Session Hijacking contains the following Exercises:
- Session Hijacking Using the Zed Attack Proxy (ZAP)
The Virtual Private Cloud for this Lab set utilizes:
Ethical Hacking Exercises are available as part of the following subscription:
The exercises in this lab map to the Certified Ethical Hacker V10 course. Each subscription provides 6 months of access to 107 different exercises. Each exercise contains a scenario, objectives, and individual step-by-step tasks to guide the user through all steps necessary to complete the exercise.
Lab exercises are included for:
- Footprinting and Reconnaissance
- Scanning Networks
- Enumeration
- Vulnerability Analysis
- System Hacking
- Malware Threats
- Sniffing
- Social Engineering
- Denial of Service
- Session Hijacking
- Evading IDS, Firewalls and Honeypots
- Hacking Web Servers
- Hacking Web Applications
- SQL Injection
- Hacking Wireless Networks
- Hacking Mobile Platforms
- Cloud Computing
- Cryptography