
By Abhishek Ghosh January 1, 2013 2:16 am Updated on January 1, 2013

Session Hijack and Session Hijacking : Basics

Session hijacking is the takeover of a password-protected session to gain unauthorized access to communication between two computers, including over the Internet. So the Happy New Year's post starts with an uncanny article on session hijack and how session hijacking is done.

 

Session Hijack and Session Hijacking : Basics

 

There is a small difference between the two terms, session hijack and session hijacking, apart from the grammatical one. The difference lies in how the process is deployed: active or passive. Widespread use of the two words as synonyms has, however, merged them into one entity. In a communication, a logical session is established first. One of the communication partners is authenticated to the other within the session; this is a trust relationship, and hijacking the session exploits that trust to obtain the same privileges as the legitimately authenticated user.

Because communication over computer networks is divided into layers, this attack can be carried out on each layer. Session hijacking is similar to a spoofing attack; however, at the time of the attack the attacker already has all the necessary information.

 

Session Hijack and Session Hijacking :  Methods and Countermeasures

 

Session hijack begins with passive sniffing of the data communication, in which the attacker collects the information needed for the attack. This happens over unencrypted protocols such as HTTP, Telnet, FTP, POP3, etc.; the attacker either has direct access to the physical layer (network cable, wireless network) or redirects the communication through themselves with a man-in-the-middle attack (Janus attack). If the data transmission is encrypted, the attacker must break this encryption first.

 


 

The user establishes a TCP connection using the three-way handshake. After authentication, the attacker attempts to take over by manipulating the response packets (ACK manipulation) and sending the addressed server or client a faster response than the original. SSL/TLS only prevents sniffing-style attacks; that screens out a big percentage, but basically cannot fully prevent session hijack and session hijacking.

Basically, each HTTP request is received by the web server as a new connection, processed and immediately closed. Many web applications nevertheless depend on keeping a user assigned over the duration of several requests.
In case of encryption, at the beginning of each session a unique session ID is generated, and the user's browser sends it with all subsequent requests to identify itself to the server. The session ID is sent as a GET or POST argument or, in most cases, as a cookie. The attacker can read or guess the session ID.
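
The two risks named above, reading and guessing the session ID, map onto how the ID is generated and how it is carried. The following is an added example, not code from the original article: a minimal server-side session table in Python, where the `SessionStore` class, the cookie name `sid` and the helper `session_cookie_header` are hypothetical names chosen for illustration.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """In-memory session table (hypothetical; a real application uses its framework's store)."""

    def __init__(self):
        self._sessions = {}  # session ID -> per-session data

    def create(self, data=None):
        # 32 bytes from the OS CSPRNG: the ID space is far too large to guess.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = dict(data or {})
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def rotate(self, old_sid):
        # Issue a fresh ID at login, so an ID observed before
        # authentication is worthless afterwards.
        data = self._sessions.pop(old_sid, None)
        if data is None:
            raise KeyError("unknown session")
        return self.create(data)

    def destroy(self, sid):
        # Logout: the old ID must stop working on the server side.
        self._sessions.pop(sid, None)


def session_cookie_header(sid):
    # Carry the ID in a cookie rather than a GET argument, which would
    # end up in URLs, logs and Referer headers.
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["secure"] = True        # only sent over HTTPS
    cookie["sid"]["httponly"] = True      # not readable from page scripts
    cookie["sid"]["samesite"] = "Strict"  # not attached to cross-site requests
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()
```
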

There are basically two ways to prevent session hijacking: first, by preventing the sniffing of the necessary information through encrypted transmission, or second, for example, by using a challenge-response authentication method. For example, HTTPS first authenticates the server to the client using a digital certificate and then encrypts the payload of the connection. As with any use of cryptography, it is not safe enough in theory.
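
The challenge-response idea mentioned above can be shown with an HMAC over a one-time nonce. This is an added example, not code from the original article; the `Server` class, `client_response` helper and the shared secret are constructed for illustration. The secret never crosses the wire, and a sniffed response is useless once the nonce has been consumed.

```python
import hashlib
import hmac
import secrets


class Server:
    def __init__(self, user_keys):
        self._keys = user_keys  # username -> shared secret (bytes)
        self._pending = {}      # username -> outstanding nonce

    def challenge(self, user):
        # Fresh random nonce per login attempt.
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def verify(self, user, response):
        # pop() makes the nonce single-use: a replay finds a different one or none.
        nonce = self._pending.pop(user, None)
        key = self._keys.get(user)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)


def client_response(key, nonce):
    # The client proves knowledge of the key without ever sending it.
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    key = b"constructed-demo-secret"  # constructed sample value
    server = Server({"alice": key})

    nonce = server.challenge("alice")
    sniffed = client_response(key, nonce)  # what a passive listener would see
    first = server.verify("alice", sniffed)

    server.challenge("alice")              # a new login attempt gets a new nonce
    replay = server.verify("alice", sniffed)
    return first, replay


if __name__ == "__main__":
    print(demo())
```

This protects the authentication step only; whatever session ID is issued afterwards still has to be carried over an encrypted connection.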

The actual treatment is to close the server connection and restart. Exploits include WhatsApp sniffer, DroidSheep for Android and Firesheep (for Firefox).

Know it clearly – Opera and Chrome are the most secure browsers.

 
