Session Hijack and Session Hijacking : Basics

Session hijack is the method used for hijacking a password protected session to gain unauthorized access in communication between 2 computers including Internet. So the Happy New Year’s post is starting with an uncanny article on Session Hijack and how this Session Hijacking is done.

Session Hijack and Session Hijacking : Basics

There is an existing small difference between these two words – Session Hijack and Session Hijacking, apart from the grammatical difference. The difference lies in deployment in the process – active and passive. But with the widespread usage of the two words synonymously has merged the difference in to one entity. In a communication initially a logical session is established. One of the communication partner is authenticated to the other within the session, this is a trust and to to carry out the kidnapping of this session exploit the trust to obtain the same privileges of the legally authenticated users.

Because the communication over computer networks in divided layers, this attack can be carried out on each layer. Session hijacking is similar to spoofing attack, however, to the attacker at the time of attack has all the necessary information.

Session Hijack and Session Hijacking :  Methods and Countermeasures

Session hijack is initially a passive sniffing ahead of data communication. The attacker collects the necessary information for the attack. These happens via unencrypted protocols like HTTP, Telnet, FTP, POP3 etc.; the attacker either directly access to the physical layer (network cable, wireless network) or the communication process through a man-in-the-middle attack (Janus attack) and redirect themselves. If the data transmission is encrypted, the attacker must break this encryption first.

The user establishes a TCP connection using three-way handshake. The attacker attempts to take over after the authentication by the response packets happens (ACK manipulation) and sends the addressed server or client a more faster response than the original. SSL / TSL only prevents sniffing-style attacks, that actually screens out a big percentage but basically can not fully prevent Session Hijack and Session Hijacking.

Basically, each HTTP request from the Web server is received as a new connection and is processed and immediately closed. Since many web applications are still dependent on it, assigned users can request over the duration.
In case of encryption, at the beginning of each session a unique session ID generated by the user’s browser is sent to all subsequent requests, to identify the server or client. The session ID is like a GET or POST argument and in most cases – a cookie is sent. The attacker can read or guess the session ID.

There are basically two ways to prevent session hijacking : First, by already sniffing the necessary information through encrypted transmissions or by second way for example in a challenge-response authentication method. For example, HTTPS is used to authenticate the server to the client using a digital certificate ahead and then it encrypts the payload of the connection. As with any use of cryptography it is not enough safe in theory.

The actual treatment is to close the server connection and restart. Exploits like WhatsApp sniffer, DroidSheep for Android and exploited Firesheep (for Firefox).

Know it clearly – Opera and Chrome are the most secure browsers.