Session hijacking refers to the exploitation of a valid computer session where an attacker takes over a session between two computers. The attacker steals a valid session ID, which is used to get into the system and sniff the data. In TCP session hijacking, an attacker takes over a TCP session between two machines. Since most authentications occur only at the start of a TCP session, this allows the attacker to gain access to a machine.
The objective of this lab is to help students learn session hijacking and take necessary actions to defend against session hijacking. In this lab, you will:
- Intercept and modify web traffic
- Simulate a Trojan, which modifies a workstation’s proxy server settings
According to KrebsOnSecurity news and investigation, there is a zero-day vulnerability in yahoo.com that lets attackers hijack Yahoo! email accounts and redirect users to malicious websites. This offers a fascinating glimpse into the underground market for large-scale exploits.
The exploit, being sold for $700 by an Egyptian hacker on an exclusive cybercrime forum, targets a cross-site scripting (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo! webmail users. Such a flaw would let attackers send or read email from the victim's account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed and can access cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.
KrebsOnSecurity.com alerted Yahoo! to the vulnerability, and the company says it is responding to the issue. Ramses Martinez, director of security at Yahoo!, said the challenge now is working out the exact yahoo.com URL that triggers the exploit, which is difficult to discern from watching the video.
These types of vulnerabilities are a good reminder to be especially cautious about clicking links in emails from strangers or in messages that you were not expecting.
As an administrator, you should implement security measures at the application level and the network level to protect your network from session hijacking. Network-level hijacks are prevented by packet encryption, which can be obtained by using protocols such as IPsec, SSL, SSH, etc. IPsec allows encryption of packets based on shared keys between the two systems involved in communication.
Application-level security is obtained by using strong session IDs. SSL and SSH also provide strong encryption using SSL certificates to prevent session hijacking.
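The sketch below is an added example, not part of the lab material. It shows one way to apply the application-level advice above: the session ID comes from the OS CSPRNG, the ID is rotated after authentication, idle sessions expire, and the cookie carries the standard `HttpOnly`, `Secure` and `SameSite` attributes so that script injected through XSS cannot read it and it is never sent over plaintext HTTP. The names `SessionStore`, `SESSION_TTL`, `cookie_header` and the cookie name `session` are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 900  # assumed policy: seconds of idle time before expiry


class SessionStore:
    """Server-side session table keyed by an unguessable ID (illustrative)."""

    def __init__(self):
        self._sessions = {}

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": user, "last_seen": now}
        return sid

    def lookup(self, sid, now=None):
        """Return the user for a live session, or None if unknown or expired."""
        now = time.time() if now is None else now
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if now - rec["last_seen"] > SESSION_TTL:
            del self._sessions[sid]  # a stolen ID stops working after idle expiry
            return None
        rec["last_seen"] = now
        return rec["user"]

    def rotate(self, old_sid, now=None):
        """Swap in a fresh ID after login or privilege change; the old ID dies."""
        user = self.lookup(old_sid, now)
        if user is None:
            return None
        del self._sessions[old_sid]
        return self.issue(user, now)


def cookie_header(sid):
    """Build the Set-Cookie value with attributes that limit cookie theft."""
    c = SimpleCookie()
    c["session"] = sid
    c["session"]["httponly"] = True      # not readable from page script
    c["session"]["secure"] = True        # sent only over TLS
    c["session"]["samesite"] = "Strict"  # not attached to cross-site requests
    c["session"]["path"] = "/"
    return c["session"].OutputString()
```
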
Session Hijacking Exercises
Ethical Hacking Exercises / Session Hijacking contains the following Exercises:
- Session Hijacking Using the Zed Attack Proxy (ZAP)
The Virtual Private Cloud for this Lab set utilizes:
Ethical Hacking Exercises are available as part of the following subscription:
Each subscription provides 6 months' access to over 75 different exercises. Each exercise contains a Scenario, Objectives, and individual step-by-step tasks to guide the user through all steps necessary to complete the exercise.
Lab exercises are included for:
- Footprinting and Reconnaissance
- Scanning Networks
- System Hacking
- Trojans and Backdoors
- Viruses and Worms
- Social Engineering
- Denial of Service
- Session Hijacking
- Hacking Webservers
- Hacking Web Applications
- SQL Injection
- Hacking Wireless Networks
- Evading IDS, Firewalls and Honeypots
- Buffer Overflow