Introduction to Session Hijacking

Transcript: Leo Dregier here. In this module I want to talk about session hijacking. Now, session hijacking is a really fun penetration testing technique. The reason being is because you will ask somebody else to do all of the hard work and then you just take over their session. So you let them authenticate, get access to the systems, and then literally just take it over. So there are a couple of different ways in which we can go about doing that. One way is to actually brute force these session IDs, the session mechanisms. Every client-server architecture is going to have some sort of mechanism or method in which the client and server keep track of each other. Some of this is easily disclosed simply by how we interact with the websites. Others are going to be a little bit more difficult to enumerate. This is what we call blind session hijacking. So we have application session hijacks. We have network session hijacking; we need to deeply take apart the TCP/IP process and look at everything that goes on at layer three and all the way up to layer seven in the OSI model, and we are going to talk about some of the advanced mechanisms and actually how this session hijacking takes place, and then we will follow up with some of the tools that have locked over history, some that still work great today and some that are a little bit outdated but also fun when they were available. So we are going to cover everything from the basics of session hijacking all the way to advanced session hijacking, and from the network layer all the way up to the application layer. So stick with me and let us get started.

In this module, you'll learn the different types of session hijacking, the different ways of launching a session hijack, how to dissect the TCP/IP protocol stack, and what takes place at each layer of the protocol. You'll also learn advanced techniques for session hijacking at both the network and application layers, and the impact of both. Finally, you'll examine the techniques that are and aren't in use, and the current tools today.

The topics explored in the Session Hijacking module include:
  • Whiteboard, which shows the interrelationship of all the basic components you'll utilize for this module
  • And the following labs:
    • Hamster Lab
    • Ferret Lab