What is Session Hijacking in Cyber Security?

May 8, 2018 Author: munishmishra04_3od47tgp
Print Friendly, PDF & Email

Now a days, the usage of web based applications are increasing and the session vulnerabilities are very common in all web applications. Information security is a vital area of concern for all users, which goes beyond the technical domain. It is likely to affect the entire human race if not properly handled. Security is the degree of conflict to, or defense from harm. It applies to any susceptible and precious asset, such as a person, dwelling, community, organization, or nation. The Internet has become immensely popular and used by people of all different backgrounds. It has increased the development of web applications in recent years. Simultaneously, the impact and amount of security vulnerabilities on web applications are also on hike.



Overview  of Session Hijacking?

Session hijacking is an exploitation of a valid web application session or session key, to gain unauthorized access to information or services in a computer system. Due to the stateless nature of the HTTP protocol, web applications require additional measures to keep their users authenticated. To achieve this criterion, session identifiers are used for the authentication process. After a successful authentication, the web application generates the session ID, which will be transmitted to the client. Every HTTP request that contains this session ID is regarded as belonging to this particular user. There are three methods of implementing session identifiers; they are URL query string, hidden form field and browser cookies. In this scenario, session hijacking is a type of attack through which the session ID will be hijacked by an attacker. After hijacking the legitimate user session ID, the attacker can impersonate as a legitimate user in the web application.

Session hijacking occurs when a session token is sent to a client browser from the Web server following the successful authentication of a client logon. A session hijacking attack works when it compromises the token by either confiscating or guessing what an authentic token session will be, thus acquiring unauthorized access to the Web server. This can result in session sniffing, man-in-the-middle or man-in-the-browser attacks, Trojans, or even implementation of malicious JavaScript codes.




Web-based applications frequently use sessions to enhance the customer friendly experience for their users. Web developers are especially wary of session hijacking because the HTTP cookies that are used to sustain a website session can be bootlegged by an attacker.

Session Hijacking Attack

Figure: Session Hijacking Example

The illustration above demonstrates a classic session sniffing situation. Also known as session sidejacking, this is extremely common at places with unsecure WiFi hotspots (coffee shops, restaurants, airports, etc.). The network owner, who can potentially be the attacker, can easily hijack the session by intercepting the traffic from the various nodes.

How Does Session Hijacking Works?

As we know, the http communication uses many TCP connections and so that the server needs a method to recognize every user’s connections. The most used method is the authentication process and then the server sends a token to the client browser. This token is composed of a set of variable width and it could be used in different ways, like in the URL, in the header of http requisition as a cookie, in other part of the header of the http request or in the body of the http requisition. The attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the web server. This compromising of session token can occur in different ways. We are now going to see the two ways as session sniffing and cross-site script attack.

How to prevent Session Hijacking attacks?

Before diving into remediation and mitigation techniques, it’s important to determine the susceptibility. If a work network is using old unencrypted protocols such as Telnet, FTP or DNS, the chances of being hacked are extremely high. Common hacking tools such as Juggernaut and Hunt can also be used to determine the session’s immunity.

The most effective countermeasure network-level session hijacking is to pick encrypted transport protocols that enable secure connections. The most commonly recommended protocols today are Secure Shell (SSH), Secure Socket Layers (SSL) and Internet Protocol Security (IPSec). These ensure the session key goes through secure information tunnels.



References

[1] “Chapter 1: Introduction”, available online at: http://shodhganga.inflibnet.ac.in/bitstream/10603/23895/6/06_chapter%201.pdf

[2] Jain, Vineeta, Divya Rishi Sahu, and Deepak Singh Tomar. “Session Hijacking: Threat Analysis and Countermeasures.” In Int. Conf. on Futuristic Trends in Computational Analysis and Knowledge Management. 2015.

[3] “Session Hijacking”, available online at: https://www.techopedia.com/definition/4101/session-hijacking

[4] “Session Hijacking Cheat Sheet, Attack Examples & Protection”, available online at: https://www.checkmarx.com/knowledge/knowledgebase/session-hijacking

[5] “Chapter 7: Session Hijacking Preventer”, available online at: http://shodhganga.inflibnet.ac.in/bitstream/10603/24523/12/12_chapter7.pdf

[6] “What is Session Hijacking and how to prevent it?” available online at: https://www.interserver.net/tips/kb/session-hijacking-prevent/

One Comment

  • www mini militia.com May 26, 2018 at 10:40 pm

    I must say, as a lot as I enjoyed reading what you had to say, I couldnt help but lose interest after a while.

Leave a Reply

Your email address will not be published. Required fields are marked *

Insert math as
Block
Inline
Additional settings
Formula color
Text color
#333333
Type math using LaTeX
Preview
\({}\)
Nothing to preview
Insert