
By Abhishek Ghosh January 1, 2013 2:16 am Updated on January 1, 2013

Session Hijack and Session Hijacking : Basics


Session hijacking is the takeover of a password-protected session to gain unauthorized access to the communication between two computers, including over the Internet. So the Happy New Year’s post starts with an uncanny article on session hijack and how session hijacking is done.

 

Session Hijack and Session Hijacking : Basics

 

There is a small difference between the two terms, session hijack and session hijacking, apart from the grammatical one. The difference lies in how the process is deployed: active or passive. Widespread use of the two words as synonyms has, however, merged them into one concept. In a communication, a logical session is established first. One communication partner authenticates to the other within the session; this creates a trust relationship, and hijacking the session means exploiting that trust to obtain the same privileges as the legitimately authenticated user.

Because communication over computer networks is divided into layers, this attack can be carried out at each layer. Session hijacking is similar to a spoofing attack; however, the attacker already has all the necessary information at the time of the attack.


---

 

Session Hijack and Session Hijacking :  Methods and Countermeasures

 

A session hijack begins with passive sniffing of the data communication, during which the attacker collects the information needed for the attack. This happens over unencrypted protocols such as HTTP, Telnet, FTP, POP3, etc.; the attacker either has direct access to the physical layer (network cable, wireless network) or redirects the communication through themselves with a man-in-the-middle attack (Janus attack). If the data transmission is encrypted, the attacker must break this encryption first.

 


 

The user establishes a TCP connection using the three-way handshake. The attacker attempts to take over after authentication by manipulating the response packets (ACK manipulation), sending the addressed server or client a response that arrives faster than the original. SSL/TLS only prevents sniffing-style attacks; that screens out a large percentage of attacks but basically cannot fully prevent session hijacking.

Basically, each HTTP request is received by the web server as a new connection, processed, and immediately closed. Many web applications, however, still depend on assigning requests to their users over the duration of a session.
In the case of encryption, at the beginning of each session a unique session ID is generated, and the user’s browser sends it with all subsequent requests so that the server can identify the client. The session ID is transmitted as a GET or POST argument or, in most cases, as a cookie. The attacker can read or guess the session ID.
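A defender can check how an application hands out its session ID against the three weaknesses just named: readable in transit, guessable, or passed as a GET argument. The following is an added example, not code from the original article; the parameter names in `SESSION_NAMES`, the 64-bit threshold and the sample headers are assumptions constructed for illustration.

```python
import math
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Assumed session parameter names; adjust to the application under review.
SESSION_NAMES = {"sessionid", "sid", "phpsessid", "jsessionid"}
MIN_ID_BITS = 64  # assumed threshold below which an ID is treated as guessable


def estimate_bits(value):
    """Crude estimate: length * log2(distinct characters used).
    It cannot detect predictable (for example sequential) IDs."""
    alphabet = len(set(value))
    return len(value) * math.log2(alphabet) if alphabet > 1 else 0.0


def audit_set_cookie(header_value):
    """Return findings for the value of one Set-Cookie response header."""
    findings = []
    jar = SimpleCookie()
    jar.load(header_value)
    for name, morsel in jar.items():
        if name.lower() not in SESSION_NAMES:
            continue
        if not morsel["secure"]:
            findings.append(name + ": no Secure attribute, can travel over plain HTTP")
        if not morsel["httponly"]:
            findings.append(name + ": no HttpOnly attribute, readable by page scripts")
        if estimate_bits(morsel.value) < MIN_ID_BITS:
            findings.append(name + ": ID too short to resist guessing")
    return findings


def audit_url(url):
    """Flag session IDs passed as GET arguments (they end up in logs and Referer)."""
    params = parse_qs(urlsplit(url).query)
    return [k + ": session ID in URL" for k in params if k.lower() in SESSION_NAMES]


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    print(audit_set_cookie("PHPSESSID=1234; Path=/"))
    print(audit_set_cookie("sid=3b7e91c4a05d2f68e1c9047ab35d6f82; Path=/; Secure; HttpOnly"))
    print(audit_url("http://shop.example/cart?sid=3b7e91c4&item=3"))
```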

There are basically two ways to prevent session hijacking: first, by preventing the sniffing of the necessary information through encrypted transmission, or second, by using, for example, a challenge-response authentication method. For example, HTTPS first authenticates the server to the client using a digital certificate and then encrypts the payload of the connection. As with any use of cryptography, it is in theory not completely safe.

The actual treatment is to close the server connection and restart. Known exploits include WhatsApp sniffer, DroidSheep for Android and Firesheep (for Firefox).

Know it clearly – Opera and Chrome are the most secure browsers.

 


About This Article

Cite this article as: Abhishek Ghosh, "Session Hijack and Session Hijacking : Basics," in The Customize Windows, January 1, 2013, February 9, 2023, https://thecustomizewindows.com/2013/01/session-hijack-and-session-hijacking-basics/.
