Definition of session hijacking.
Session hijacking is also referred to as TCP session hijacking. It is a security attack on the session of a system user over a protected network. It is primarily executed through IP spoofing, where an attacker inserts commands through source-routed IP packets into an active communication in order to disguise himself/herself as one of the authentic users of the system (Basta and Halton, 2008). Since the user of the network is authenticated primarily at the start of the TCP session, an attacker can execute IP spoofing with relative ease.
Types of session hijacking.
Session hijacking falls into two general classifications: active and passive session hijacking. Active session hijacking is the form of attack in which the attacker identifies, attacks, and subsequently takes over an active Internet session. This type of session hijacking is highly advanced and requires an advanced skill level to execute (Basta and Halton, 2008). Tools used in active session hijacking are capable of predicting the sequence numbers used in the TCP session. One of the common forms of active session hijacking is IP spoofing, which uses IP packets to allow the attacker to penetrate a network and disguise himself/herself as one of the authentic users of the system.
Another method of active session hijacking is session fixation, where the attacker fixes the ID of the user's session before the authentic user makes any attempt to log in. In this case, the attacker connects to the target server, which prompts the server to generate tokens that the attacker later uses to fix the authentic user's session ID (Basta and Halton, 2008).
On the other hand, passive session hijacking refers to the type of attack where the attacker simply records the traffic being sent in the session (Basta and Halton, 2008). Unlike active session hijacking, where the attacker takes over an existing session, in passive session hijacking the attacker only monitors an ongoing session.
One of the methods used to execute passive session hijacking is session sniffing, where the attacker uses a sniffer tool to capture the session ID of an authentic user in order to gain unauthorized access to the server (Basta and Halton, 2008). Moreover, the attacker may use cross-site scripting to gain unauthorized access to the authentic user's browser. In this case, malicious code in the form of a link is injected into a user's browser in order to allow the attacker access to any session tokens, cookies or other browser-related information.
An example of session hijacking case.
There is no specific case available on the Internet regarding a successful session hijacking. However, one article by Dennis (2013) on MakeUseOf.com demonstrates how an Android tool (dSploit) can be used maliciously to hijack web sessions on Android systems. According to Dennis (2013), this tool can be used to steal passwords from websites using HTTPS by default, for example, Facebook, Google, and Twitter. Since these websites only use HTTPS when sending sensitive login information, which leaves some parts of the session open to hijacking, Dennis (2013) demonstrated that it is possible to use dSploit to hijack an Amazon.com session running on a computer. As a result, it was possible to access all information regarding the Amazon account from a phone (Dennis, 2013).
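As an added illustration of the session-fixation, session-sniffing and cookie-theft risks described above (example code written for this page, not code from the essay or from Basta and Halton), the following Python models a minimal server-side session store: with rotation disabled, a session ID known before login keeps working after the victim authenticates; with rotation enabled it does not, and the Secure and HttpOnly cookie attributes deny the session cookie to a plain-HTTP sniffer and to injected script. The cookie name SESSIONID and the store layout are assumptions.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """Tiny in-memory session store (constructed example, not a real framework)."""
    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> {"user": name or None}

    def anonymous_session(self):
        # Every visitor gets a fresh, unpredictable id; never accept one supplied by the client.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        # Fixation defence: drop the pre-login id and mint a new one once the user authenticates.
        if sid not in self.sessions:
            raise KeyError("unknown session")
        if self.rotate_on_login:
            del self.sessions[sid]
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": user}
        return sid

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")


def session_cookie_header(sid):
    # Secure: sent only over HTTPS, so a sniffer on a plain-HTTP page never sees it.
    # HttpOnly: not readable from document.cookie, closing the cross-site scripting theft path.
    c = SimpleCookie()
    c["SESSIONID"] = sid  # cookie name is an assumption for this example
    c["SESSIONID"]["secure"] = True
    c["SESSIONID"]["httponly"] = True
    c["SESSIONID"]["samesite"] = "Strict"
    c["SESSIONID"]["path"] = "/"
    return c.output(header="Set-Cookie:")


def fixation_demo(rotate_on_login):
    """Return (attacker_id_still_valid, id_changed_on_login) for one login under a known id."""
    store = SessionStore(rotate_on_login)
    attacker_known = store.anonymous_session()  # id obtained before the victim logs in
    after_login = store.login(attacker_known, "victim")
    return store.user_for(attacker_known) == "victim", after_login != attacker_known
```

Without rotation the pre-login ID is bound to the victim's account; with rotation the old ID is dead and the new one only ever travels inside a Secure, HttpOnly cookie.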
References.
Basta, A., and Halton, W. (2008). Computer security and penetration testing. Boston: Thomson.
Dennis, R. (2013). Stealing passwords with an Android app is easy: Learn how to protect yourself. Retrieved January 14, 2017, from http://www.makeuseof.com/tag/stealing-passwords-with-an-android-app-is-easy-learn-how-to-protect-yourself/