2. Topics
• Session Hijacking
• Difference Between Spoofing & Hijacking
• Types of Session Hijacking
• Session Hijacking Tools
• Session Hijacking With Firesheep
• Preventions to Session Hijacking
• Conclusion
www.facebook.com/officialrahultyagi
3. Session Hijacking
Session Hijacking is when
an attacker gets access to
the session state of a
particular user.
The attacker steals a valid
session ID which is used to
get into system and retrieve
the data
www.facebook.com/officialrahultyagi
4. Spoofing & Hijacking
In spoofing , an attacker
does not actively take
another user offline to
perform the attack. He
mainly pretends to be
another user or machine
to gain access.
Its done through Cain n
Abel
www.facebook.com/officialrahultyagi
5. Spoofing & Hijacking
Hijacking is done only after
victim has connected to the
server. With hijacking , an
attacker takes over an existing
session, which means he relies
on the legitimate user to make a
connection and authenticate.
At last the attacker takes over
the session.
www.facebook.com/officialrahultyagi
6. Steps in Session Hijacking
1.First you should able to sniff the network
2.Monitor the flow of packets
3. Predict the sequence number
4.Kill the connection to the victim’s machine
5. Take over the session
6. Start injecting packets to the target server
www.facebook.com/officialrahultyagi
7. Types of Hijacking
Active:- In an active attack , an
attacker finds an active session
and takes over.
Passive:- With passive attack, an
attacker hijacks a session, but
sits back, and watches and
records all the traffic that s
being sent forth
www.facebook.com/officialrahultyagi
8. Session Hijacking With Firesheep
Firesheep
Firesheep is free, open source, and is
available now for Mac OS X and
Windows. Linux support is on the way.
When logging into a website you
usually start by submitting your
username and password. The server
then checks to see if an account
matching this information exists and if
so, replies back to you with a "cookie"
which is used by your browser for all
www.facebook.com/officialrahultyagi
subsequent requests.
9. Session Hijacking With Firesheep
It's extremely common for websites to
protect your password by encrypting
the initial login, but surprisingly
uncommon for websites to encrypt
everything else. This leaves the
cookie (and the user) vulnerable.
HTTP session hijacking (sometimes
called "sidejacking") is when an
attacker gets a hold of a user's cookie,
allowing them to do anything the user
can do on a particular website. On an
open wireless network, cookies are
basically shouted through the air,
making these attacks extremely easy.
www.facebook.com/officialrahultyagi
10. Session Hijacking With Firesheep
After installing the extension you'll see
a new sidebar. Connect to any busy
open wifi network and click the big
"Start Capturing" button. Then wait.
www.facebook.com/officialrahultyagi
11. Session Hijacking With Firesheep
As soon as anyone on the network
visits an insecure website known to
Firesheep, their name and photo will
be displayed:
www.facebook.com/officialrahultyagi
12. Session Hijacking With Firesheep
Double-click on someone, and you're
instantly logged in as them.
www.facebook.com/officialrahultyagi
13. Conclusion
Websites have a responsibility to protect the
people who depend on their services. They've
been ignoring this responsibility for too long, and
it's time for everyone to demand a more secure
web.
www.facebook.com/officialrahultyagi