
The Customize Windows

Technology Journal


By Abhishek Ghosh January 1, 2013 2:16 am Updated on January 1, 2013

Session Hijack and Session Hijacking : Basics


Session hijacking is a method of taking over a password-protected session to gain unauthorized access to the communication between two computers, including over the Internet. This Happy New Year's post begins with an uncanny article on session hijack and how session hijacking is done.

 

Session Hijack and Session Hijacking : Basics

 

There is a small difference between the two terms, session hijack and session hijacking, apart from the grammatical one. The difference lies in how the process is deployed: actively or passively. Widespread use of the two words as synonyms has, however, merged them into one entity. In a communication, a logical session is established first. One of the communication partners is authenticated to the other within the session. This creates trust, and hijacking the session exploits that trust to obtain the same privileges as the legitimately authenticated user.

Because communication over computer networks is divided into layers, this attack can be carried out at each layer. Session hijacking is similar to a spoofing attack; however, the attacker has all the necessary information at the time of the attack.


---

 

Session Hijack and Session Hijacking :  Methods and Countermeasures

 

Session hijacking begins with passive sniffing of the data communication. The attacker collects the information needed for the attack. This happens over unencrypted protocols such as HTTP, Telnet, FTP, POP3, etc.; the attacker either has direct access to the physical layer (network cable, wireless network) or redirects the communication through themselves with a man-in-the-middle attack (Janus attack). If the data transmission is encrypted, the attacker must break this encryption first.

 


 

The user establishes a TCP connection using the three-way handshake. The attacker attempts to take over after authentication by manipulating the response packets (ACK manipulation) and sending the addressed server or client a response faster than the original. SSL / TLS only prevents sniffing-style attacks; that screens out a big percentage but basically cannot fully prevent session hijack and session hijacking.

Basically, each HTTP request is received by the Web server as a new connection, processed, and immediately closed. Many web applications, however, still depend on assigning requests to their users over the duration of a session.
In case of encryption, at the beginning of each session a unique session ID generated by the user’s browser is sent with all subsequent requests, to identify the server or client. The session ID is sent as a GET or POST argument or, in most cases, in a cookie. The attacker can read or guess the session ID.
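
As an added example (not from the original article), here is a small Python audit of how a session ID is transported, covering the two risks named above: an attacker reading the ID or guessing it. The cookie and parameter names, the length threshold and the sample headers are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

# Assumed parameter/cookie names that commonly carry a session ID.
SESSION_NAMES = {"sid", "sessionid", "phpsessid", "jsessionid"}
MIN_ID_CHARS = 22  # assumption: about 128 bits if the ID is random base64url

def audit_url(url):
    """Flag session IDs sent as GET arguments (they leak via logs, Referer, history)."""
    query = parse_qs(urlsplit(url).query)
    return [f"session ID in URL parameter '{k}'"
            for k in query if k.lower() in SESSION_NAMES]

def audit_set_cookie(header, over_tls):
    """Flag session cookies that an attacker could read (sniffer, script) or guess."""
    findings = []
    jar = SimpleCookie()
    jar.load(header)
    for name, morsel in jar.items():
        if name.lower() not in SESSION_NAMES:
            continue
        if not over_tls:
            findings.append(f"{name}: set over plain HTTP, readable by a sniffer")
        if not morsel["secure"]:
            findings.append(f"{name}: no Secure flag, browser also sends it over HTTP")
        if not morsel["httponly"]:
            findings.append(f"{name}: no HttpOnly flag, readable by page scripts")
        if len(morsel.value) < MIN_ID_CHARS or morsel.value.isdigit():
            findings.append(f"{name}: short or numeric value, guessable")
    return findings

# Constructed sample Set-Cookie values (not captured traffic).
WEAK = "PHPSESSID=10482; Path=/"
HARDENED = "sid=Zq3vX0m1kT9uYb7cR2dLw8NfAe5HgJ4s; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for finding in audit_url("http://shop.example/cart?item=4&PHPSESSID=10482"):
        print(finding)
    for finding in audit_set_cookie(WEAK, over_tls=False):
        print(finding)
    print(audit_set_cookie(HARDENED, over_tls=True))
```
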

There are basically two ways to prevent session hijacking: first, by already preventing the sniffing of the necessary information through encrypted transmission; second, for example, by a challenge-response authentication method. For example, HTTPS authenticates the server to the client using a digital certificate up front and then encrypts the payload of the connection. As with any use of cryptography, it is not safe enough in theory.

The actual treatment is to close the server connection and restart. Exploits include WhatsApp sniffer, DroidSheep for Android and Firesheep (for Firefox).
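
Added example, not part of the original article: one way to spot a hijacked session on the server side is to look for a single session ID used by more than one client, then close that session so the user has to log in again. The log format, session IDs and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed log lines in an assumed format: ip "request" "user agent" sid=<id>
LOG = '''\
198.51.100.7 "GET /inbox HTTP/1.1" "Firefox/17.0" sid=Kf93hA
198.51.100.7 "GET /mail/42 HTTP/1.1" "Firefox/17.0" sid=Kf93hA
203.0.113.50 "GET /inbox HTTP/1.1" "Chrome/23.0" sid=Kf93hA
198.51.100.9 "GET /inbox HTTP/1.1" "Opera/12.1" sid=Qm27xZ
'''

LINE = re.compile(r'^(?P<ip>\S+) "(?P<req>[^"]*)" "(?P<ua>[^"]*)" sid=(?P<sid>\S+)$')

def find_shared_sessions(log_text):
    """Return {session_id: sorted client fingerprints} for IDs used by >1 client."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            clients[m["sid"]].add((m["ip"], m["ua"]))
    # A roaming user can change IP legitimately; a changed IP *and* user agent
    # within one session is the stronger signal, so both are kept for review.
    return {sid: sorted(seen) for sid, seen in clients.items() if len(seen) > 1}

def sessions_to_terminate(log_text, active_sessions):
    """Session IDs to close server-side, forcing a fresh login."""
    return sorted(set(find_shared_sessions(log_text)) & set(active_sessions))

if __name__ == "__main__":
    for sid, seen in find_shared_sessions(LOG).items():
        print(sid, "used by", seen)
    print("terminate:", sessions_to_terminate(LOG, {"Kf93hA", "Qm27xZ"}))
```
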

Know it clearly – Opera and Chrome are the most secure browsers.

 


 

About This Article

Cite this article as: Abhishek Ghosh, "Session Hijack and Session Hijacking : Basics," in The Customize Windows, January 1, 2013, April 19, 2021, https://thecustomizewindows.com/2013/01/session-hijack-and-session-hijacking-basics/.

Source:The Customize Windows, JiMA.in

 
