
1 SESSION HIJACKING It is a method of taking over a secure or insecure Web user session by secretly obtaining the session ID and masquerading as the authorized user.

2 METHODS TO COMMIT A SESSION HIJACK
IP SPOOFING: The attacker sends packets with a forged source IP address, so that malicious traffic appears to come from a trusted host and is not traced back to the attacker.
SESSION SIDEJACKING: The attacker uses packet sniffing to read the network traffic between the user and the Web server (typically unencrypted HTTP) and steals the session cookie from it, then replays that cookie to impersonate the user.
SESSION FIXATION: The attacker fixes (plants) a known session ID in the user's browser before the user even logs into the target Web server. Once the user authenticates under that ID, the attacker already holds a valid authenticated session and has no need to obtain the ID afterwards.

3 CROSS-SITE SCRIPTING: The attacker embeds malicious script in a hyperlink that points at the vulnerable Web site and gets the link in front of the user. When the user clicks the link, the malicious data is sent straight to the Web application, which reflects it into the page it generates in response. The script is therefore delivered as part of a page served by the host Web site and runs in the user's browser with that site's origin, where it can read the session cookie and send it to the attacker. The user remains completely unaware of the forged content and assumes it to be valid data generated by the host Web site.

4 IP SPOOFING It is a technique used to gain unauthorized access to computers, whereby the attacker sends messages to a computer with a forged source IP address, indicating that the message is coming from a trusted host. Although the IP address is actually forged, the attacker is fooling (spoofing) the remote computer into believing that the messages come from a legitimate host of the network.

5 TYPES OF IP SPOOFING
NON-BLIND SPOOFING: The attacker is on the same subnet as the victim. The TCP sequence and acknowledgment numbers can be sniffed off the wire, thereby eliminating the difficulty of calculating them accurately.
BLIND SPOOFING: This is a more sophisticated attack, because the sequence and acknowledgment numbers cannot be observed. To overcome this, several packets are sent to the target machine in order to sample its initial sequence numbers. Most modern OSs implement random sequence number generation, which makes the next value hard to predict. Machines in the past used basic techniques for generating sequence numbers (for example, incrementing a counter by a fixed amount per connection), so it was relatively easy to discover the exact formula by studying the packets and TCP sessions. Once the sequence number was compromised, data could be sent to the target as if it came from the trusted host.
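To make the sampling step of blind spoofing concrete, here is an added Python example (not from the presentation) that models two initial sequence number generators: a legacy one that bumps a counter by a fixed step per connection, and a modern one that draws 32 random bits. The attacker samples a few ISNs by opening legitimate connections, looks for a constant increment, and extrapolates the ISN the target will assign to the spoofed connection. The step size and start value are illustrative constants, not the figures of any particular historical OS.

```python
import secrets
from typing import List, Optional


class LegacyISN:
    """Models an old-style initial sequence number generator: a global counter
    bumped by a fixed step per connection. The step is illustrative; real
    historical implementations used various constants and timers."""
    STEP = 64_000

    def __init__(self, start: int = 0x1234_5678) -> None:
        self.counter = start

    def next_isn(self) -> int:
        self.counter = (self.counter + self.STEP) & 0xFFFF_FFFF
        return self.counter


class RandomISN:
    """Modern behaviour: each connection gets an unpredictable 32-bit ISN."""

    def next_isn(self) -> int:
        return secrets.randbits(32)


def sample_isns(gen, n: int) -> List[int]:
    """The attacker opens n legitimate connections to the target (from its own
    address) and records the ISN the target puts in each SYN/ACK."""
    return [gen.next_isn() for _ in range(n)]


def predict_next(samples: List[int]) -> Optional[int]:
    """Blind-spoofing step: if the sampled ISNs rise by a constant amount,
    extrapolate the next one. Returns None when no constant increment is seen,
    i.e. the generator looks random and the attack has nothing to work with."""
    deltas = [(b - a) & 0xFFFF_FFFF for a, b in zip(samples, samples[1:])]
    if len(deltas) < 2 or len(set(deltas)) != 1:
        return None
    return (samples[-1] + deltas[0]) & 0xFFFF_FFFF


def blind_spoof_succeeds(gen, samples: int = 4) -> bool:
    """The attacker samples, predicts, then sends a SYN with a forged source and
    an ACK carrying the guessed ISN without ever seeing the SYN/ACK. The
    handshake completes only if the guess matches what the target assigned."""
    guess = predict_next(sample_isns(gen, samples))
    if guess is None:
        return False
    actual = gen.next_isn()  # ISN the target assigns to the spoofed connection
    return guess == actual


if __name__ == "__main__":
    print("legacy generator, attack succeeds:", blind_spoof_succeeds(LegacyISN()))
    print("random generator, attack succeeds:", blind_spoof_succeeds(RandomISN()))
```

The arithmetic is done modulo 2^32 so that a counter wrapping around still yields a constant delta; a real attacker would also have to keep the trusted host from answering the unexpected SYN/ACK, which the model leaves out.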

7 SNIFFING Sniffing, or eavesdropping, is the act of monitoring traffic on the network for data such as plaintext passwords or configuration information. With a simple packet sniffer, an attacker can easily read all the plaintext traffic.

8 ARP SPOOFING

9 INTRODUCTION A computer connected to an IP/Ethernet network has two addresses:
– Address of the network card (MAC address): a globally unique address stored on the network card and normally not changed. The Ethernet header contains the MAC addresses of the source and the destination computer.
– IP address: Each computer on a network must have a unique IP address to communicate. It is virtual and assigned by software.

10 IP communicates by constructing packets. Packets are delivered by Ethernet:
1. Adds an Ethernet header for delivery.
2. Places the packet in a frame (an IP packet larger than the link allows is fragmented into several packets first, each carried in its own frame).
3. Sends the frames down the cable to the switch.
4. The switch then decides which port to send each frame to, by comparing the destination MAC address of the frame to an internal table that maps port numbers to MAC addresses.

11 When an Ethernet frame is constructed from an IP packet, the sender does not yet know the MAC address of the destination machine. The only information available is the destination IP address. There must be a way for the Ethernet layer to find the MAC address of the destination machine, given a destination IP. This is where ARP, the Address Resolution Protocol, comes in.

12 ADDRESS RESOLUTION AND REVERSE ADDRESS RESOLUTION

14 HOW ARP FUNCTIONS?
1. Get the IP address of the target.
2. Create an ARP request message:
– Fill in the sender's physical address.
– Fill in the sender's IP address.
– Fill in the target's IP address.
– The target's physical address is filled with zeros.
3. The message is passed to the data link layer, where it is encapsulated in a frame:
– Source address: physical address of the sender.
– Destination address: broadcast address.

15 4. Every host or router on the LAN receives the frame.
– All stations pass it to ARP.
– All machines except the one targeted drop the packet.
5. The target machine replies with an ARP message that contains its physical address.
– A unicast message, sent directly to the requester.
6. The sender receives the reply message and now knows the physical address of the target machine.

16 – To avoid having to send an ARP request packet each time, a host can cache IP addresses and the corresponding hardware addresses in its ARP table (ARP cache).
– Each entry in the ARP table is usually "aged" so that it is erased if no activity occurs within a certain period.
– When a computer receives an ARP reply, it updates its ARP cache.
– ARP is a stateless protocol: most operating systems will update their cache when a reply is received, regardless of whether they ever sent out a request for it.

17 ARP SPOOFING The attacker constructs spoofed ARP replies. A target computer can be convinced to send frames destined for computer A to computer B instead, and computer A will have no idea that this redirection took place. Because the reply is accepted without a matching request, the attacker needs nothing more than a position on the same LAN. This process of corrupting a target computer's ARP cache is referred to as "ARP poisoning".
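The request/reply exchange of slides 14 and 15, the stateless cache of slide 16 and the poisoning of slide 17 fit in one worked example. The Python below is added here and is not part of the presentation: it builds and parses ARP frames in the RFC 826 layout with nothing but `struct`, then feeds a genuine reply and a spoofed reply into two cache models, one that updates on any reply (the behaviour the slides describe) and one that accepts a reply only for an IP it has an outstanding request for and flags a MAC change. The LAN (victim 10.0.0.5, gateway 10.0.0.1, attacker MAC ending in bb) is constructed for the example, and no real interface is touched.

```python
import struct
from typing import Dict, List, Optional, Set, Tuple

# Constructed frames on an imaginary LAN; no real interface is touched.
ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def _mac(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def _ip(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet frame carrying an ARP message in the RFC 826 layout. A request is
    sent to the broadcast MAC with the target hardware address zeroed; a reply
    is unicast back to the requester."""
    dst = BROADCAST if op == ARP_REQUEST else target_mac
    eth = _mac(dst) + _mac(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> Optional[dict]:
    """Returns the ARP fields of a frame, or None if the frame is not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {
        "dst_mac": mac(frame[0:6]),
        "op": struct.unpack("!H", frame[20:22])[0],
        "sender_mac": mac(frame[22:28]), "sender_ip": ip(frame[28:32]),
        "target_mac": mac(frame[32:38]), "target_ip": ip(frame[38:42]),
    }


class NaiveArpCache:
    """Slide 16 behaviour: any reply updates the cache, requested or not."""
    def __init__(self) -> None:
        self.table: Dict[str, str] = {}

    def receive(self, frame: bytes) -> None:
        a = parse_arp(frame)
        if a and a["op"] == ARP_REPLY:
            self.table[a["sender_ip"]] = a["sender_mac"]


class GuardedArpCache:
    """The same cache with two checks a host-based detector can apply: accept a
    reply only for an IP this host has an outstanding request for, and flag a
    reply that would change the MAC already cached for that IP."""
    def __init__(self) -> None:
        self.table: Dict[str, str] = {}
        self.pending: Set[str] = set()
        self.alerts: List[str] = []

    def send_request(self, ip: str) -> None:
        self.pending.add(ip)

    def receive(self, frame: bytes) -> None:
        a = parse_arp(frame)
        if not a or a["op"] != ARP_REPLY:
            return
        ip, mac = a["sender_ip"], a["sender_mac"]
        if ip not in self.pending:
            self.alerts.append(f"unsolicited ARP reply for {ip} from {mac}")
        elif ip in self.table and self.table[ip] != mac:
            self.alerts.append(f"MAC for {ip} changed {self.table[ip]} -> {mac}")
        else:
            self.table[ip] = mac
            self.pending.discard(ip)


def poisoning_scenario() -> Tuple[Dict[str, str], Dict[str, str], List[str]]:
    """Victim 10.0.0.5 resolves its gateway 10.0.0.1 (real MAC ...:01); the
    attacker (...:bb) then injects a spoofed reply claiming 10.0.0.1 so that
    the victim's gateway-bound frames go to the attacker instead."""
    victim_mac = "02:00:00:00:00:05"
    genuine = build_arp(ARP_REPLY, "02:00:00:00:00:01", "10.0.0.1", victim_mac, "10.0.0.5")
    spoofed = build_arp(ARP_REPLY, "02:00:00:00:00:bb", "10.0.0.1", victim_mac, "10.0.0.5")
    naive, guarded = NaiveArpCache(), GuardedArpCache()
    guarded.send_request("10.0.0.1")
    for frame in (genuine, spoofed):
        naive.receive(frame)
        guarded.receive(frame)
    return naive.table, guarded.table, guarded.alerts
```

Running `poisoning_scenario()` leaves the naive cache pointing 10.0.0.1 at the attacker's MAC while the guarded cache keeps the real gateway and records one alert. The guard is a detection aid rather than a fix: a spoofed reply that races the genuine one into a pending request still wins, which is why static ARP entries, switch-side dynamic ARP inspection or simply encrypting the traffic (so a redirected frame yields nothing readable) are the usual countermeasures.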

18 THANK YOU

