What is session hijacking?
Session hijacking is when an attacker gets access to the session state of a particular user. The attacker steals a valid session ID, which is then used to get into the system and snoop on the data. TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine.
Types of Session Hijacking
There are two types of session hijacking attacks:
Active: In an active attack, an attacker finds an active session and takes it over.
Passive: In a passive attack, an attacker hijacks a session but sits back and watches and records all the traffic that is being sent back and forth.
Steps in Session Hijacking
Place yourself between the slave and the target (you must be able to sniff the network)
Monitor the flow of packets
Predict the sequence number
Kill the connection to the slave’s machine
Take over the session
Start injecting packets to the target server.
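A defender-side counterpart to the steps above, added here and not part of the original post: a small Python checker over constructed TCP segment records that flags the two traces a hijack of this kind tends to leave, a sequence number far outside a flow's expected window (an injected segment) and a burst of empty ACKs as the two real endpoints fight to resynchronise (an ACK storm). The addresses, sequence numbers, thresholds and record layout are all made up for the example.

```python
"""Flag TCP segments consistent with session hijacking (added example, not
from the original post). Checks two indicators: a sequence number far outside
the flow's expected window (an injected segment) and an ACK storm (a burst of
empty ACKs while the real endpoints try to resynchronise)."""
from collections import defaultdict

# Constructed endpoints and records, not a real capture.
CLIENT, SERVER = "10.0.0.5:40000", "10.0.0.9:23"
# Record layout (assumed): (time_s, src, dst, seq, ack, flags, payload_len)
SEGMENTS = [
    (0.000, CLIENT, SERVER, 1000, 5000, "PA", 10),
    (0.010, SERVER, CLIENT, 5000, 1010, "PA", 20),
    (0.020, CLIENT, SERVER, 1010, 5020, "PA", 5),
    (0.030, CLIENT, SERVER, 1010, 5020, "PA", 5),    # plain retransmission
    (0.040, CLIENT, SERVER, 200000, 5020, "PA", 8),  # injected, seq far ahead
]
for i in range(10):  # both ends now answer each other with empty ACKs
    if i % 2 == 0:
        SEGMENTS.append((0.041 + 0.001 * i, SERVER, CLIENT, 5020, 1015, "A", 0))
    else:
        SEGMENTS.append((0.041 + 0.001 * i, CLIENT, SERVER, 1015, 5020, "A", 0))

def seq_delta(seq, expected):
    """Signed distance from expected to seq in the 32-bit sequence space."""
    return ((seq - expected + 2**31) % 2**32) - 2**31

def analyse(segments, window=65535, storm_threshold=5, storm_window=0.5):
    expected = {}                   # flow -> next in-sequence seq number
    empty_acks = defaultdict(list)  # flow -> times of recent empty ACKs
    alerts = []
    for t, src, dst, seq, ack, flags, plen in segments:
        flow = (src, dst)
        if flow in expected and abs(seq_delta(seq, expected[flow])) > window:
            # Loss and retransmission stay within the window; this does not.
            alerts.append(("seq_jump", t, src, dst, expected[flow], seq))
            continue  # do not let a suspect segment move the baseline
        nxt = (seq + plen + int("S" in flags or "F" in flags)) % 2**32
        if flow not in expected or seq_delta(nxt, expected[flow]) > 0:
            expected[flow] = nxt
        if plen == 0 and flags == "A":
            recent = empty_acks[flow]
            recent.append(t)
            while t - recent[0] > storm_window:
                recent.pop(0)
            if len(recent) == storm_threshold:
                alerts.append(("ack_storm", t, src, dst, storm_threshold, storm_window))
    return alerts
```

Running analyse(SEGMENTS) on the constructed records returns one seq_jump alert for the injected segment followed by one ack_storm alert per direction; the first four legitimate segments alone produce no alert.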
Tools:
Juggernaut:
Juggernaut is a network sniffer that can be used to hijack TCP sessions. It runs on Linux operating systems.
Download: http://tools.l0t3k.net/Sniffing/aimsniff-0.9b.tar.gz
Hunt:
Hunt is a program that can be used to listen, intercept, and hijack active sessions on a network.
Download: http://www.security-science.com/security...1.5bin.zip
IP Watcher:
IP watcher is a commercial session hijacking tool that allows you to monitor connections and has active facilities for taking over a session.
Download: http://dl.filekicker.com/send/file/20825...rSetup.exe
Paros HTTP Hijacker:
Paros is a man-in-the-middle proxy and application vulnerability scanner.
Download: http://sourceforge.net/projects/paros/fi...t/download
T-Sight:
T-Sight is a session hijacking tool for Windows.