4. What is Session Hijacking ? Session hijacking is when an attacker gets access to the session state of a legitimate user. The attacker steals a valid session ID which is used to get into the system and retrieve the data
11. Method (steps) Place yourself between the victim and the target (you must be able to sniff the network) Monitor the flow of packets Predict the sequence number Optionally kill the connection to the victim’s machine Take over the session Start injecting packets to the target server
12. Mitigations Use a secure HTTPS protocol Use a VPN when connecting remotely Protect access to your own networks Limit exposure to untrusted networks Educate the employees
13. Tools Juggernaut Hunt TTY Watcher IP Watcher T-Sight Parros HTTP Hijacker DroidSheep for Android Firesheep (Firefox addon)
14. Firesheep Firesheep is a free, open source, and is now available for Mac OS X and Windows. Linux support is on the way. Find it here- https://github.com/codebutler/firesheep/downloads