By: Muhammad Bilal
June 17, 2020
Review: Session Hijacking Course
News leaks, sensitive information going public, companies facing lawsuits over data leakage, and other unfortunate events occur every day. These events are caused by neglect of the digital infrastructure that is used daily. The systems in use can be poorly designed and, hence, can leak sensitive data and credentials to hackers in real time.
In the “Session Hijacking” course, the instructor focuses on vulnerabilities that hackers exploit to get information in real time, using tactics such as spoofing and sniffing. With these tactics, it is almost as if the hacker is standing next to the individual being hacked, which can be very dangerous.
A session is used to store data on the web server. Whenever one browses to a new website, a new session is created on the web server, and a corresponding cookie is created in one’s browser.
Session Hijacking: So what is it exactly?
This type of attack targets a computer in order to compromise the user’s session, mainly referred to by its session key, and so gain unauthorized access to the user’s information and the services offered to them on a computer system. The session key is unique and is used by remote servers to identify your device. The main vulnerability that enables the hijacking lies within the network domain. The attack can be carried out by different methods, such as cookie theft, predicting the session key, and client-side attacks such as cross-site scripting (XSS).
Cookie Theft, Predicting, and XSS
Cookie theft is also known as Cookie Hijacking because, in this hijacking, HTTP cookies are stolen and are then used to authenticate a user to a server.
Predicting is mainly brute-forcing the session key until one’s own predicted key matches the user’s key. This method takes a lot of computational power and time.
XSS refers to cross-site scripting, in which an attacker injects a malicious script into a web application or site. Once the malicious page is visited, the payload is executed in the session (browser).
Is prevention possible?
Prevention is possible in several ways.
One of these ways is to use encryption algorithms to encrypt the session key in order to secure it. Other methods discussed by the author are randomizing, regenerating, and extra-checking the session key.
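One way to implement the randomizing, regenerating, and extra-checking described above, as an added example that is not from the course or the original review. It assumes that "extra-checking" means binding the session key to the client's User-Agent header; the class name `SessionStore`, its methods, and the 15-minute idle timeout are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

IDLE_TIMEOUT = 900  # seconds; assumed value for this example


class SessionStore:
    """In-memory server-side session table indexed by session key."""

    def __init__(self):
        self._sessions = {}
        self._secret = secrets.token_bytes(32)  # HMAC key for the client fingerprint

    def _fingerprint(self, user_agent):
        return hmac.new(self._secret, user_agent.encode(), hashlib.sha256).digest()

    def create(self, user_agent, user=None):
        # Randomizing: 256 bits from the OS CSPRNG, so the key cannot be predicted.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "fp": self._fingerprint(user_agent),
                               "seen": time.monotonic()}
        return sid

    def validate(self, sid, user_agent):
        """Return the session record, or None if the key must be rejected."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        expired = time.monotonic() - rec["seen"] > IDLE_TIMEOUT
        # Extra-checking: the key must come from the client it was issued to.
        same_client = hmac.compare_digest(rec["fp"], self._fingerprint(user_agent))
        if expired or not same_client:
            del self._sessions[sid]  # a stale or replayed key is destroyed
            return None
        rec["seen"] = time.monotonic()
        return rec

    def login(self, sid, user_agent, user):
        """Regenerating: issue a fresh key on login and invalidate the old one."""
        if self.validate(sid, user_agent) is None:
            return None
        del self._sessions[sid]
        return self.create(user_agent, user)
```

The User-Agent binding is only a weak extra check, because anyone who captures the cookie on the wire also sees that header. It complements transport encryption and the `Secure` and `HttpOnly` cookie attributes rather than replacing them.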
Are there any practical examples discussed in the course?
The author discusses the man-in-the-middle (MITM) attack using a tool within Kali Linux named Ettercap. It is available in the latest version of Kali Linux. MITM attacks can be performed using different methods, such as ARP Poisoning, ICMP Redirects, or DNS Poisoning.
Man-in-the-middle (MITM) is a type of attack that allows an attacker to position himself between two legitimate parties. The attacker's main goal is to listen to and intercept the conversation between the two parties.
ARP Poisoning, or ARP Spoofing, is a method of sending falsified ARP messages over a network. In this attack, the attacker links its system’s MAC address with the IP addresses of one or more valid systems on the network. The attacker is then able to receive messages that were meant for the owner of that IP address; from then on, the attacker, rather than the intended receiver, gets those messages. However, for this attack to be initiated, both systems should be in the same broadcast domain.
The main misconception about session hijacking via this method is that most people mistake ARP Spoofing for MAC Spoofing. These two are completely different things.
Keep Learning with Cybrary
The tools provided by the instructor during this course are of practical value and can be practiced with once one finishes the course. Understanding the concepts at the core will enable one to be better equipped and able to hijack the sessions in one's local network. If this short course interests you, enroll in your desired career path today.