Session Hijacking: Comprehensive Analysis of Attacks and Prevention
Added on 2023/05/27
Report
AI Summary
This report provides a detailed analysis of session hijacking, a cyber-attack that exploits active computer sessions. It discusses various techniques such as using packet sniffers, Cross-Site Scripting (XSS), IP spoofing, and blind attacks. The report also examines tools like Droidsheep, an Android application used for testing network security but also capable of hacking messengers and WiFi networks. Furthermore, it emphasizes the importance of implementing security measures from the user side, including tracking IP addresses and SSL session IDs, using encrypted protocols like OpenSSH, and adding the HttpOnly flag in HTTP response headers to prevent unauthorized access and protect confidential information. The report concludes by highlighting the significance of proactive security protocols in mitigating the risks associated with session hijacking.

Running head: SESSION HIJACKING
Session Hijacking
Name of the Student
Name of the University
1. Session hijacking is a type of cyber-attack that works on the principle of computer sessions: it takes advantage of active sessions. Various tools are used for session hijacking, including Droidsheep. Droidsheep is an Android app that is used for testing network security; however, it can also be used for hacking messengers and WiFi networks. The Droidsheep application helps in hijacking a session key that can be used on both sides of a connection and thereby break into messengers. This application can be downloaded easily on any Android device (Bugliesi et al. 2015). Using Droidsheep requires root access in order to operate in the network. Droidsheep is able to gather information from any wireless network. The app steals session keys and uses them to connect to a specific website. This attack therefore compromises the session by stealing a valid session token and using it for unauthorized access to an internet server. Droidsheep works as a router and intercepts all traffic in the network (Manivannan and Sathiyamoorthy 2017). Hybrid session hijacking combines both modes of attack, passive and active, in order to complete the attack successfully.
2. Session hijacking plays an important role in stealing confidential and private information that passes through the network. It has the capability of stealing information without the knowledge of the user. The various techniques by which session hijacking can be carried out are as follows:
Using packet sniffers: In this attack, the attacker collects the session ID of the victim by using a packet sniffer and uses it to gain access to the server.
Figure 1: Packet Sniffers
(Source: Bugliesi et al. 2015)
Cross-Site Scripting: Attackers can also collect the victim's session ID by using an XSS attack with JavaScript. In this technique, the attacker sends the victim a crafted link containing JavaScript; when the victim clicks the link, the JavaScript runs and carries out the instructions of the attacker (Baitha and Vinod 2018).
<SCRIPT type="text/javascript">
var adr = '../attacker.php?victim_cookie=' + escape(document.cookie);
</SCRIPT>
IP Spoofing: Spoofing refers to pretending to be someone else. This technique can be used to gain unauthorized access to a computer with the help of the IP address of a trusted host. On
implementing this technique, the hacker needs to collect the IP address of the user and inject their own packets, spoofed with the IP address of the user, into the TCP session in order to fool the server that has been communicating with the victim.
Blind Attack: In this case, the attacker does not sniff packets; since the attack requires the sequence number expected by the server, combinations of sequence numbers are brute-forced instead.
3. The best prevention against session hijacking is enabling security from the user side. It is recommended that the use of preventive measures against session hijacking helps in maintaining a keen approach to the development of security protocols (Jain, Sahu and Tomar 2015). Tracking the IP address and the SSL session ID helps in tracking HTTP headers.
Secure Sockets Layer (SSL) helps in securing the communication channel for the transfer of data and information over the medium. The use of SSL helps in maintaining a secured approach to data transfer (Bugliesi et al. 2015). This technique provides a maintained approach by monitoring security protocols in the network layer. The second approach relates to using the encrypted protocols offered in the OpenSSH suite. The use of the OpenSSH suite helps in monitoring secured HTTP connections. The HttpOnly flag is added, together with the Secure flag, in the Set-Cookie HTTP response header (Jain, Sahu and Tomar 2015).
Set-Cookie: JSESSIONID=T8zK7hcII6iNgA; Expires=Wed, 21 May 2018 07:28:00 GMT; HttpOnly; Secure
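The following Python is an added example, not code from the report or from any of the cited works. It puts the two defensive measures above into practice: auditing a Set-Cookie header for the HttpOnly and Secure flags (which deny the XSS payload and the packet sniffer access to the session ID), and binding a server-side session to the client address it was issued to so that a stolen token replayed from another host is rejected. The names SessionStore, audit_set_cookie and build_session_cookie are illustrative; the sample header is the one quoted in the report.

```python
# Added example, not code from the report: SessionStore and the helper names are
# illustrative; the sample header below is the one quoted in the report.
import secrets
from http.cookies import SimpleCookie

PAGE_HEADER = ("JSESSIONID=T8zK7hcII6iNgA; Expires=Wed, 21 May 2018 07:28:00 GMT; "
               "HttpOnly; Secure")

def audit_set_cookie(header_value):
    """Map each cookie in a Set-Cookie header to the protective flags it lacks.
    HttpOnly denies document.cookie (the XSS technique above) access to the value;
    Secure keeps it off plaintext HTTP, where a packet sniffer can read it."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = {}
    for name, morsel in jar.items():
        missing = [flag for flag, key in (("HttpOnly", "httponly"), ("Secure", "secure"))
                   if not morsel[key]]
        findings[name] = missing
    return findings

def build_session_cookie(session_id):
    """Emit a Set-Cookie value that carries both flags the report recommends."""
    jar = SimpleCookie()
    jar["JSESSIONID"] = session_id
    jar["JSESSIONID"]["httponly"] = True
    jar["JSESSIONID"]["secure"] = True
    return jar["JSESSIONID"].OutputString()

class SessionStore:
    """Server-side session table that remembers the client IP a session was issued to,
    so a token stolen by sniffing, XSS or spoofing is useless from another address."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, client_ip):
        # 256 bits from the OS CSPRNG: a session ID that cannot be brute-forced.
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = {"user": user, "ip": client_ip}
        return session_id

    def resolve(self, session_id, client_ip):
        """Return the session's user, or None if the ID is unknown or is presented
        from a different address than the one it was issued to (a replayed token)."""
        entry = self._sessions.get(session_id)
        if entry is None or entry["ip"] != client_ip:
            return None
        return entry["user"]
```

Binding to the client IP is the report's own suggestion; in practice users behind mobile carriers or NAT change address mid-session, so a deployment would typically bind to a broader client fingerprint and re-authenticate on mismatch rather than drop the session outright.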
References
Baitha, A.K. and Vinod, S., 2018. Session Hijacking and Prevention Technique. International Journal of Engineering & Technology, 7(2.6), pp.193-198.
Bugliesi, M., Calzavara, S., Focardi, R. and Khan, W., 2015. CookiExt: Patching the browser against session hijacking attacks. Journal of Computer Security, 23(4), pp.509-537.
Jain, V., Sahu, D.R. and Tomar, D.S., 2015. Session Hijacking: Threat Analysis and Countermeasures. In Int. Conf. on Futuristic Trends in Computational Analysis and Knowledge Management.
Manivannan, S.S. and Sathiyamoorthy, E., 2017. A Prevention Model for Web Application Session Hijack Attacks in Wireless Networks Using MAC Appended Session ID.