


    The concept of session hijacking and how to hijack a session ID




    What is a Session ID?

    A session ID is a unique number that a Web site's server assigns to a specific user for the duration of that user's visit (session). The session ID can be stored as a cookie, form field, or URL (Uniform Resource Locator). Some Web servers generate session IDs by simply incrementing static numbers.


    For example, when you log in to a website, the server assigns you a session ID and sends it to your browser wrapped in a cookie. The browser automatically sends the cookie back in subsequent requests so the server knows who is making the request.

    Example

    https://www.hackingtruth.in/view/JBEX25022014152820
    https://www.kumaratuljaiswal.in/view/JBEX25022014153020
    https://academy.hackingtruth.in/view/JBEX25022014160020
    https://iam.kumaratuljaiswal.in/view/JBEX25022014164020


    (NOTE: The session ID is not visible in the URL of an HTTPS website, because HTTPS is secure; on an HTTP website you can see it.)



    As mentioned above, a session ID parameter appears in the URL when a WCP application is first accessed. After the user logs in, WebLogic Server (WLS) generates an entirely new session, with a new session ID. If cookies are enabled in the browser, the new session ID will not appear as a URL parameter.




    Concept

    Session hijacking is a very interesting topic that follows on from the previous one. In session hijacking, communication is taking place between two parties, the client and the host, and an attacker positioned between them steals the session ID of the client.

    The attacker usually intercepts the communication to obtain the role of an authenticated user or to carry out a man-in-the-middle attack.

    Session Hijacking


    • Session hijacking refers to an attack where an attacker takes over a valid TCP communication session between two computers.
    • Since most authentication only occurs at the start of a TCP session, this allows the attacker to gain access to a machine.
    • Attackers can sniff all the traffic from the established TCP sessions and perform identity theft, information theft, fraud, etc.
    • The attacker steals a valid session ID and uses it to authenticate himself with the server.





    Session Hijacking Techniques

    The session hijacking process is categorized into the following three techniques:


    Stealing

    The attacker uses different techniques to steal session IDs.
    Some of the techniques used to steal session IDs:

    • Using the HTTP referrer header.
    • Sniffing the network traffic.
    • Using cross-site scripting attacks.
    • Sending Trojans to client machines.
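
    Three of the stealing techniques listed above (sniffing, cross-site scripting and the HTTP referrer header) each depend on a session cookie setting that a defender can check. The following is an added example, not code from the original post: it audits a Set-Cookie header for a session cookie and reports which of those exposures remain. The cookie names, the header values and the app.example URL are constructed assumptions; the ID JBEX25022014152820 is taken from the sample URLs earlier in the post.

```python
# Added example. Header values, URLs and cookie names are constructed samples.
from urllib.parse import urlsplit

SESSION_NAMES = {"jsessionid", "phpsessid", "sessionid", "sid"}  # assumed names

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {attribute: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def audit_session_cookie(header, linked_urls=()):
    """Return findings for a session cookie; an empty list means none found."""
    name, value, attrs = parse_set_cookie(header)
    if name.lower() not in SESSION_NAMES:
        return []
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: sent over plain HTTP, exposed to sniffing")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by script injected through XSS")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("no SameSite=Lax/Strict: attached to cross-site requests")
    for url in linked_urls:
        parts = urlsplit(url)
        # An ID carried in the path or query travels on in the Referer header.
        if value and value in parts.path + "?" + parts.query:
            findings.append("ID in URL %s: leaks through the Referer header" % url)
    return findings

WEAK = "JSESSIONID=JBEX25022014152820; Path=/"
HARDENED = "JSESSIONID=q9Zr0kT1xYv8; Path=/; Secure; HttpOnly; SameSite=Lax"
PAGE_URLS = ["http://app.example/view/JBEX25022014152820"]

if __name__ == "__main__":
    for header in (WEAK, HARDENED):
        print(header)
        for finding in audit_session_cookie(header, PAGE_URLS):
            print("  -", finding)
```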



    Guessing

    The attacker tries to guess the session IDs by observing variable parts of the session IDs.

    • http://www.hackingtruth.in/view/VW48266762824302
    • http://www.kumaratuljaiswal.in/view/VW48266762826502
    • http://academy.hackingtruth.in/view/VW48266762828902


    Brute-Forcing

    The attacker attempts different IDs until he succeeds.

    • Using brute force attacks, an attacker tries to guess a session ID until he finds the correct session ID.
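
    Guessing and brute-forcing both depend on how little of the session ID is actually unpredictable. The following is an added example, not code from the original post: it takes session IDs in the order they were issued, finds the positions that vary, puts an upper bound on the unpredictable bits, and compares the result with IDs drawn from the operating system's CSPRNG. The function names and the 64-bit threshold (OWASP's recommended minimum) are assumptions of the example; PAGE_IDS are the three sample IDs shown under Guessing.

```python
# Added example. PAGE_IDS come from the post; all other names are constructed.
import math
import secrets
import string

MIN_BITS = 64  # OWASP's recommended minimum entropy for a session ID

def varying_positions(ids):
    """Indexes where the sampled IDs differ; fixed positions add no entropy."""
    width = min(len(i) for i in ids)
    return [p for p in range(width) if len({i[p] for i in ids}) > 1]

def alphabet_size(chars):
    """Optimistic alphabet guess for one position, from the characters seen."""
    if all(c in string.digits for c in chars):
        return 10
    if all(c in string.hexdigits for c in chars):
        return 16
    return 64

def audit_ids(ids):
    """Upper-bound the unpredictable bits in IDs given in issue order."""
    positions = varying_positions(ids)
    bits = sum(math.log2(alphabet_size({i[p] for i in ids})) for p in positions)
    variable = ["".join(i[p] for p in positions) for i in ids]
    digits = bool(positions) and all(v.isdigit() for v in variable)
    # A numeric variable part that only grows points to a counter or timestamp.
    increasing = digits and all(int(a) < int(b) for a, b in zip(variable, variable[1:]))
    return {"varying": positions, "bits": round(bits, 1),
            "increasing": increasing, "ok": bits >= MIN_BITS and not increasing}

def new_session_id():
    """128 random bits from the OS CSPRNG, URL-safe encoded (22 characters)."""
    return secrets.token_urlsafe(16)

PAGE_IDS = ["VW48266762824302", "VW48266762826502", "VW48266762828902"]

if __name__ == "__main__":
    print("page sample:", audit_ids(PAGE_IDS))
    print("CSPRNG IDs :", audit_ids([new_session_id() for _ in range(50)]))
```

    The estimate is an upper bound taken from a small sample, so a low figure is conclusive while a high one only means this particular check found no problem.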

    Other:

    Stealing Session IDs

    • Using a "referrer attack," an attacker tries to lure a user to click on a link to a malicious site (say www.hackingtruth.in).

    Sniffing

    The attacker attempts to place himself between the victim and the target in order to sniff packets.


    Monitoring

    Monitor the traffic flow between victim and target.


    Types of Session Hijacking


    Active Attack: In an active attack, an attacker finds an active session and takes over.

    An attacker may send packets to the host in the active attack. In an active attack, the attacker is manipulating the legitimate users of the connection. As the result of an active attack, the legitimate user is disconnected from the attacker.



    Passive Attack: With a passive attack, an attacker hijacks a session but sits back and watches and records all the traffic that is being sent forth.


    The essential difference between an active and passive hijacking is that while an active attack takes over an existing session, a passive hijack monitors an ongoing session.


    How to Hijack a Session ID?

    We start by jumping into Kali Linux's terminal and using widely used tools such as Ettercap, Hamster and Ferret. We will discuss how to hijack a session: we start with a man-in-the-middle attack and begin capturing packets. Here the attacker machine is Kali Linux and the victim is our local machine (our own network).


    From Wikipedia

    Session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session—sometimes also called session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer.


    We will use three tools here:

    • Ettercap
    • Hamster
    • Ferret







