Session Hijacking is a type of cyber-attack

Verified

Added on 2023/05/27

AI Summary

Session hijacking is a type of cyber-attack that steals confidential information passing through the network. This article discusses various techniques used for session hijacking and preventive measures to secure communication channels.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: SESSION HIJACKING
Session Hijacking
Name of the Student
Name of the University

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

2
SESSION HIJACKING
1. Session hijacking is a type of cyber-attack that works on principle of computer sessions.
It takes advantage of active sessions. There are various tools used for session hijacking including
Droidsheep. Droidsheep is an android app that is used for testing the network security. However,
it can also be used for hacking messengers and WiFi networks. Droidsheep application helps in
hacking session key that can be used in both sides of a connection and hack into any messengers.
This application can be downloaded easily on any Android device (Bugliesi et al. 2015). The use
of Droidsheep requires root access for performing in the network. Droidsheep is able to gather
information from any wireless networks. The app steals session keys and use them to connect to
specific website. Therefore, this attack compromise session token by stealing a valid session
token for unauthorized access to internet server. Droidsheep works as a router and intercept all
traffic in the network (Manivannan and Sathiyamoorthy 2017). Hybrid session hijacking
implement both the modes of attack in the passive and active mode for successfully completing
the attacks.
2. Session hijacking plays an important role in stealing confidential and private information
that passes through network. It has the capability of stealing information without knowledge of
user. Various techniques by which session hijacking can be done are as follows:
Using packet Sniffers: In this attack, it collects session ID of the victim for gaining access
to server by using some packet sniffers.

3
SESSION HIJACKING
Figure 1: Packet Sniffers
(Source: Bugliesi et al. 2015)
Cross Site Scripting: Attacks can also collect victim’s Session ID by using XSS attack
using JavaScript. In this technique, attackers send a crafted link to the victim having JavaScript
and on clicking on that link, JavaScript starts running and complete the instruction made by the
attacker (Baitha and Vinod 2018).
<SCRIPT type="text/javascript">
var adr = '../attacker.php?victim_cookie=' + escape(document.cookie);
</SCRIPT>
IP Spoofing: Spoofing refers to pretending to someone else. This technique can be used
for gaining unauthorized access to computer with the help of IP address of trusted host. On

4
SESSION HIJACKING
implementing this technique, hacker need to collect IP address of user and include their own
packets spoofed with IP address of user into TCP session for fooling the server that has been
communicating with the victim.
Blind Attack: In this case, attacker do not sniff packets and require appropriate sequence
number that has been expected by the server, brute force combination of sequence number has
been used.
3. The best for prevention from session hijacking has been enabling security from user side.
It has been recommended that use of preventive measures for the session hijacking has been
helping in maintaining a keen approach in the development of security protocols (Jain, Sahu and
Tomar 2015). The tracking of IP address and SSL session ID has been helping in tracking http
headers.
A secure shell (SSL) has been helping in securing communication channel for transfer of
data and information in the medium. The use of the SSL has been helping in maintaining a
secured approach in the data transfer (Bugliesi et al. 2015). This technique has been helping in
providing a maintained approach by monitoring security protocols in the network layer. The
second approach has been related to using encrypted protocols that have been offered at
OpenSSH suite. The use of OpenSSH suite has been helping in monitoring http secured
connection. The httOnly flag has been added in the secure flag in set_cookie HTTP response
header (Jain, Sahu and Tomar 2015).
Set-Cookie: JSESSIONID=T8zK7hcII6iNgA; Expires=Wed, 21 May 2018 07:28:00 GMT;
HttpOnly; Secure

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

5
SESSION HIJACKING
References
Baitha, A.K. and Vinod, S., 2018. Session Hijacking and Prevention Technique. International
Journal of Engineering & Technology, 7(2.6), pp.193-198.
Bugliesi, M., Calzavara, S., Focardi, R. and Khan, W., 2015. CookiExt: Patching the browser
against session hijacking attacks. Journal of Computer Security, 23(4), pp.509-537.
Jain, V., Sahu, D.R. and Tomar, D.S., 2015. Session Hijacking: Threat Analysis and
Countermeasures. In Int. Conf. on Futuristic Trends in Computational Analysis and Knowledge
Management.
Manivannan, S.S. and Sathiyamoorthy, E., 2017. A Prevention Model for Web Application
Session Hijack Attacks in Wireless Networks Using MAC Appended Session ID.

1 out of 5

+13062052269

info@desklib.com

Session Hijacking is a type of cyber-attack

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Cryptography and Individual Privacy

Man-In-The-Middle Attack

Wireless Network Vulnerabilities and Security Measures - Desklib

Risks Associated with Cloud Computing Technology

Network Devices Security: Threats, Potential Damages, and Mitigation Strategies

Risk Assessment Report- Docs