Session Hijacking

What is Session Hijacking?
Session Hijacking is an attack that is carried out by exploiting one or more vulnerabilities. A Session_Token or Session_Id is the mechanism most commonly used for authentication. HTTP is a stateless protocol, which means the connection between client and server is closed after each request. The server therefore has to authenticate every request, and each technology does this with some mechanism such as a Session_Id or Session_Token. If an attacker gets hold of this Session_Id, they can perform any action on behalf of that user. This kind of attack is called Session Hijacking.
How does Session Hijacking work?
The main goal of a Session Hijacking attack is to obtain the user's Session_Id, and an attacker can achieve this by exploiting several vulnerabilities. The most common vulnerabilities that allow an attacker to hijack the Session_Id are:
  • Predictable Session_Id
    • When an application uses predictable Session_Ids, such as serial numbers, they are easy for an attacker to guess, and the session can be hijacked.
  • Session Sniffing
    • An attacker can use tools like Wireshark to observe the traffic and steal the Session_Id.
  • Client-Side attacks
    • Client-side attacks like Cross-Site Scripting can give an attacker access to the Session_Id.
  • Man-in-the-Middle Attack
    • MITM attacks can be performed by setting up proxies like OWASP ZAP or Burp Suite.
  • Man-in-the-Browser Attack
    • This attack can be performed via browser extensions or malicious AJAX worms.
Example:
Suppose an application is vulnerable to XSS. An attacker can then read the Session_Id stored in the cookies:

<script>alert(document.cookie);</script>

How to prevent Session Hijacking?
As mentioned above, an attacker can perform Session Hijacking by exploiting many vulnerabilities. The following steps help protect against Session Hijacking:
  • Use random Session_Ids.
  • Use the HttpOnly and Secure flags when storing the Session_Id in cookies.
  • Protect applications from vulnerabilities like XSS.
  • Always use HTTPS for communication.
  • Use strong ciphers and protocols like TLS 1.3.
  • Avoid using untrusted browser extensions.
