Hello Readers, in my previous article I covered the attacks that are used to bring down a website; if you missed it, please check here. Session hijacking is another attack that is commonly carried out against websites. For a brief overview of it, read on.
A session is a way to store data (in variables) so that it can be used across multiple pages. Unlike a cookie, the data is not stored on the client's computer.
A session is usually maintained by the server:
– It includes a data store or table that holds client state and other client-specific data.
– It includes an index into that table (also known as the session key or session-id).
– It is created on the first request or after an authentication process.
– The session-id is exchanged between browser and server on every request.
– There are different ways to exchange session-ids, for example hidden form fields.
Session hijacking is the stealing of this session-id and using it to impersonate the user and access their data. It is a passive attack and is difficult to detect. Common ways it happens:
– Guessing the session-id
  – the id is short or predictable
  – the id is predictable because the session is created before the user is authenticated
– Session sniffing (typical on non-SSL sessions)
  – the attacker is on the same subnet as the client or the server
– Man-in-the-middle attack (SSL)
  – ARP poisoning, DNS spoofing
– Cross-site scripting (XSS)
  – the user trusts the source, and the application is vulnerable
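As an added example that is not part of the original article, here is a minimal server-side session store that addresses each weakness listed above: unguessable ids, rotation of the id at authentication so a pre-authentication id never becomes a logged-in one, and cookie flags that stop the id being sniffed over plain HTTP or read by injected script. The class and function names, the cookie name sid and the in-memory table are my own assumptions.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

COOKIE_NAME = "sid"  # assumed cookie name, not from the article


@dataclass
class Session:
    user: Optional[str] = None          # None until the user authenticates
    data: dict = field(default_factory=dict)


class SessionStore:
    """Server-side session table indexed by an unguessable session-id."""

    def __init__(self) -> None:
        self._table: Dict[str, Session] = {}

    @staticmethod
    def new_id() -> str:
        # 32 bytes from the OS CSPRNG: neither short nor predictable.
        return secrets.token_urlsafe(32)

    def create(self) -> str:
        sid = self.new_id()
        self._table[sid] = Session()
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self._table.get(sid)

    def login(self, old_sid: str, user: str) -> str:
        """Mark the session authenticated and issue a fresh id.
        The pre-authentication id is discarded, so an id handed to the
        victim before login (session fixation) is worthless afterwards."""
        sess = self._table.pop(old_sid, None) or Session()
        sess.user = user
        new_sid = self.new_id()
        self._table[new_sid] = sess
        return new_sid


def looks_weak(sid: str) -> bool:
    """Crude check for the weaknesses the article lists: too short, or
    purely numeric (typically a counter, and therefore guessable)."""
    return len(sid) < 22 or sid.isdigit()


def set_cookie_header(sid: str) -> str:
    # Secure: never sent over plain HTTP, so a sniffer on the subnet sees nothing.
    # HttpOnly: not exposed to script, so XSS cannot read it via document.cookie.
    # SameSite=Lax: not attached to most cross-site requests.
    return f"Set-Cookie: {COOKIE_NAME}={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"
```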
How to perform Session Hijacking?
Session Hijacking through Network MITM attacks
- Kali Linux OS
- Grease Monkey Add-on
- Cookie Injector Script
Perform a network-level MITM attack so that all the network packets carrying session values are redirected towards the attacker machine.
Start Wireshark to get the ongoing packets.
Go to the victim machine, open Internet Explorer and navigate to the Facebook website. You can observe that the target Internet Explorer browser is not redirected to the https site; log in with a valid username and password and use the account.
Meanwhile, on the attacker machine, Wireshark will collect all the packets carrying the username, password and session.
To pick out the packets that contain sessions from the other packets, apply a Wireshark filter in the display filter section:
http.cookie contains datr
Apply the above Wireshark display filter to see only the packets carrying a session value.
Once you have a session packet for Facebook or another website, right-click -> Copy -> Bytes -> Printable Text Only.
Go to the Firefox browser on the attacker machine where Greasemonkey and Cookie Injector are installed and press Alt+C; a small popup with a text field will appear.
Paste the copied session value there, click OK and refresh the page.
You will see Facebook loading with the logged-in account.
(Note: This is a LAN attack; it does not apply to remote attacks.)
Session Hijacking with XSS
Find the XSS-vulnerable page and execute the following code in any of the input fields to get the session value.
You will get output like:
You will get this:
This article is only for educational purposes.
Hope this article on Session Hijacking helps you.
Thank you for reading the article…