use sessions for hacking

use sessions for hacking
Different Session Hijacking methods:

Session stealing is achieved by following methods

1. Session fixation: 
In this method, the Hacker sets a user’s session id to known victim. For example, Hacker will send email to known victim  with a link that contains a particular session id. If the victim followed that link, the hacker can use that session and gain access.

2. Session SideJacking(session Sniffing):  
In this method, the attacker use packet sniffing to and steal the Session cookie.  In order to prevent this, some websites use SSL(encrypts the session).  but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client.

Unsecured Hotspots are vulnerable to this type of Session Hijacking.

3. Client-side attacks (XSS, Malicious JavaScript Codes, Trojans, etc):
Hacker can steal the Session by running the Malicious Javascript codes in client system.  Usually hackers attack some websites using XSS and insert their own Malicious Javascript codes.

In client point view it is trusted website, he will visit the website.  When victim visit the link , Malicious Javascript will executed.  It will steal the Session cookies and other confidential data.

4. Physical access:
If the hacker has physical access, it is easy for him to steal the Session.  Usually this will occur in public cafe.  In public cafe , one use login to some websites(facebook, gmail).  A hacker come after victim can steal the session cookies.

We Provide Services On Following Cities

*Ethical Haker in Ludhiana *Ethical Hacking Services in Ludhiana *Ethical Hacking Services in Mumbai
*Ethical Hacking Services in Delhi *Ethical Hacking Services in Gujarat * Ethical Hacking Services in Chandigarh
use sessions for hacking

Leave a Reply

Your email address will not be published.