SlideShare ist ein Scribd-Unternehmen logo

Session hijacking

Vishal Punjabi
Vishal Punjabi
Technologie
1 von 14
Downloaden Sie, um offline zu lesen
TOPICS  TCP Concepts-The 3 Way handshake  Session hijacking  Types  Method  Mitigations  Tools  Firesheep
The 3-way Handshake
What is Session Hijacking ?  Session hijacking is when an attacker gets access to the session state of a legitimate user.  The attacker steals a valid session ID which is used to get into the system and retrieve the data
3-Way Handshake
Session Hijacking
Session Hijacking
This is Spoofing not Hijacking
This is Hijacking
Types Of Session Hijacking  Predictable session token  Session sniffing  Client side attacks (XSS, malicious JS codes, trojans etc)  Blind Hijack  Man-in-the-middle (MITM)
Method (steps)  Place yourself between the victim and the target (you must be able to sniff the network)  Monitor the flow of packets  Predict the sequence number  Optionally kill the connection to the victim’s machine  Take over the session  Start injecting packets to the target server
Mitigations  Use a secure HTTPS protocol  Use a VPN when connecting remotely  Protect access to your own networks  Limit exposure to untrusted networks  Educate the employees
Tools  Juggernaut  Hunt  TTY Watcher  IP Watcher  T-Sight  Parros HTTP Hijacker  DroidSheep for Android  Firesheep (Firefox addon)
Firesheep  Firesheep is a free, open source, and is now available for Mac OS X and Windows.  Linux support is on the way. Find it here- https://github.com/codebutler/firesheep/download s

Empfohlen

Session Hijacking
Session HijackingSession Hijacking
Session Hijackingn|u - The Open Security Community
 
Session Hijacking ppt
Session Hijacking pptSession Hijacking ppt
Session Hijacking pptHarsh Kevadia
 
Session hijacking
Session hijackingSession hijacking
Session hijackingPushpinder Singh Joshi
 
Module 6 Session Hijacking
Module 6 Session HijackingModule 6 Session Hijacking
Module 6 Session Hijackingleminhvuong
 
Module 10 (session hijacking)
Module 10 (session hijacking)Module 10 (session hijacking)
Module 10 (session hijacking)Wail Hassan
 
Session hijacking by rahul tyagi
Session hijacking by rahul tyagiSession hijacking by rahul tyagi
Session hijacking by rahul tyagiamansyal
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Man in the middle
Man in the middleMan in the middle
Man in the middleAhmadThaqifAimanAhma
 

Empfohlen

Session Hijacking
Session HijackingSession Hijacking
Session Hijackingn|u - The Open Security Community
 
Session Hijacking ppt
Session Hijacking pptSession Hijacking ppt
Session Hijacking pptHarsh Kevadia
 
Session hijacking
Session hijackingSession hijacking
Session hijackingPushpinder Singh Joshi
 
Module 6 Session Hijacking
Module 6 Session HijackingModule 6 Session Hijacking
Module 6 Session Hijackingleminhvuong
 
Module 10 (session hijacking)
Module 10 (session hijacking)Module 10 (session hijacking)
Module 10 (session hijacking)Wail Hassan
 
Session hijacking by rahul tyagi
Session hijacking by rahul tyagiSession hijacking by rahul tyagi
Session hijacking by rahul tyagiamansyal
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Man in the middle
Man in the middleMan in the middle
Man in the middleAhmadThaqifAimanAhma
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)Togis UAB Ltd
 
Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)Togis UAB Ltd
 
Cit877[1]
Cit877[1]Cit877[1]
Cit877[1]poonamjindal6
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3 WE-IT TUTORIALS
 
Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Balvinder Singh
 
Net Sec
Net SecNet Sec
Net Secbackdoor
 
Enhancement in network security with security protocols
Enhancement in network security with security protocolsEnhancement in network security with security protocols
Enhancement in network security with security protocolseSAT Journals
 
Enhancement in network security with security
Enhancement in network security with securityEnhancement in network security with security
Enhancement in network security with securityeSAT Publishing House
 
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANAvoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANEditor IJCATR
 
The Road Network security
The Road Network securityThe Road Network security
The Road Network securityKhaled Omar
 
Web spoofing hacking
Web spoofing hackingWeb spoofing hacking
Web spoofing hackingjignesh khunt
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Web spoofing
Web spoofingWeb spoofing
Web spoofingkondalarao7
 
Communication security
Communication securityCommunication security
Communication securitySotheavy Nhoung
 
Spoofing
SpoofingSpoofing
SpoofingSanjeev
 
Threshold cryptography
Threshold cryptographyThreshold cryptography
Threshold cryptographyMohibullah Saail
 
Protecting wireless networks aka wireless hacking
Protecting wireless networks aka wireless hackingProtecting wireless networks aka wireless hacking
Protecting wireless networks aka wireless hackingSaptha Wanniarachchi
 
Unit 1
Unit 1Unit 1
Unit 1Vinod Kumar Gorrepati
 
Tutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing PatternsTutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing PatternsOpher Etzion
 
Reactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream ProcessingReactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream ProcessingAndy Piper
 
Debs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processingDebs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processingOpher Etzion
 

Weitere ähnliche Inhalte

Was ist angesagt?

Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)Togis UAB Ltd
 
Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)Togis UAB Ltd
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3 WE-IT TUTORIALS
 
Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Balvinder Singh
 
Enhancement in network security with security protocols
Enhancement in network security with security protocolsEnhancement in network security with security protocols
Enhancement in network security with security protocolseSAT Journals
 
Enhancement in network security with security
Enhancement in network security with securityEnhancement in network security with security
Enhancement in network security with securityeSAT Publishing House
 
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANAvoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANEditor IJCATR
 
The Road Network security
The Road Network securityThe Road Network security
The Road Network securityKhaled Omar
 
Web spoofing hacking
Web spoofing hackingWeb spoofing hacking
Web spoofing hackingjignesh khunt
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Spoofing
SpoofingSpoofing
SpoofingSanjeev
 
Protecting wireless networks aka wireless hacking
Protecting wireless networks aka wireless hackingProtecting wireless networks aka wireless hacking
Protecting wireless networks aka wireless hackingSaptha Wanniarachchi
 

Was ist angesagt? (19)

Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)
 
Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)
 
Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)
 
Cit877[1]
Cit877[1]Cit877[1]
Cit877[1]
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3
 
Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)
 
Net Sec
Net SecNet Sec
Net Sec
 
Enhancement in network security with security protocols
Enhancement in network security with security protocolsEnhancement in network security with security protocols
Enhancement in network security with security protocols
 
Enhancement in network security with security
Enhancement in network security with securityEnhancement in network security with security
Enhancement in network security with security
 
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANAvoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
 
The Road Network security
The Road Network securityThe Road Network security
The Road Network security
 
Web spoofing hacking
Web spoofing hackingWeb spoofing hacking
Web spoofing hacking
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
 
Web spoofing
Web spoofingWeb spoofing
Web spoofing
 
Communication security
Communication securityCommunication security
Communication security
 
Spoofing
SpoofingSpoofing
Spoofing
 
Threshold cryptography
Threshold cryptographyThreshold cryptography
Threshold cryptography
 
Protecting wireless networks aka wireless hacking
Protecting wireless networks aka wireless hackingProtecting wireless networks aka wireless hacking
Protecting wireless networks aka wireless hacking
 
Unit 1
Unit 1Unit 1
Unit 1
 

Andere mochten auch

Tutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing PatternsTutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing PatternsOpher Etzion
 
Reactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream ProcessingReactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream ProcessingAndy Piper
 
Debs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processingDebs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processingOpher Etzion
 
Installing Complex Event Processing On Linux
Installing Complex Event Processing On LinuxInstalling Complex Event Processing On Linux
Installing Complex Event Processing On LinuxOsama Mustafa
 
Comparative Analysis of Personal Firewalls
Comparative Analysis of Personal FirewallsComparative Analysis of Personal Firewalls
Comparative Analysis of Personal FirewallsAndrej Šimko
 
Access control attacks by nor liyana binti azman
Access control attacks by nor liyana binti azmanAccess control attacks by nor liyana binti azman
Access control attacks by nor liyana binti azmanHafiza Abas
 
Chapter 12
Chapter 12Chapter 12
Chapter 12cclay3
 
Complex Event Processing with Esper and WSO2 ESB
Complex Event Processing with Esper and WSO2 ESBComplex Event Processing with Esper and WSO2 ESB
Complex Event Processing with Esper and WSO2 ESBPrabath Siriwardena
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksAsep Sopyan
 
CyberLab CCEH Session - 3 Scanning Networks
CyberLab CCEH Session - 3 Scanning NetworksCyberLab CCEH Session - 3 Scanning Networks
CyberLab CCEH Session - 3 Scanning NetworksCyberLab
 
Debs2009 Event Processing Languages Tutorial
Debs2009 Event Processing Languages TutorialDebs2009 Event Processing Languages Tutorial
Debs2009 Event Processing Languages TutorialOpher Etzion
 
Analizadores de Protocolos
Analizadores de ProtocolosAnalizadores de Protocolos
Analizadores de ProtocolosMilton Muñoz
 
Why Data Virtualization Is Good For Big Data Analytics?
Why Data Virtualization Is Good For Big Data Analytics?Why Data Virtualization Is Good For Big Data Analytics?
Why Data Virtualization Is Good For Big Data Analytics?Tyrone Systems
 
Scanning with nmap
Scanning with nmapScanning with nmap
Scanning with nmapcommiebstrd
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanningleminhvuong
 
Optimizing Your SOA with Event Processing
Optimizing Your SOA with Event ProcessingOptimizing Your SOA with Event Processing
Optimizing Your SOA with Event ProcessingTim Bass
 
Building Real-time CEP Application with Open Source Projects
Building Real-time CEP Application with Open Source Projects Building Real-time CEP Application with Open Source Projects
Building Real-time CEP Application with Open Source Projects Ted Won
 

Andere mochten auch (20)

Tutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing PatternsTutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing Patterns
 
Reactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream ProcessingReactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream Processing
 
Debs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processingDebs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processing
 
Installing Complex Event Processing On Linux
Installing Complex Event Processing On LinuxInstalling Complex Event Processing On Linux
Installing Complex Event Processing On Linux
 
Comparative Analysis of Personal Firewalls
Comparative Analysis of Personal FirewallsComparative Analysis of Personal Firewalls
Comparative Analysis of Personal Firewalls
 
Access control attacks by nor liyana binti azman
Access control attacks by nor liyana binti azmanAccess control attacks by nor liyana binti azman
Access control attacks by nor liyana binti azman
 
Chapter 12
Chapter 12Chapter 12
Chapter 12
 
Complex Event Processing with Esper and WSO2 ESB
Complex Event Processing with Esper and WSO2 ESBComplex Event Processing with Esper and WSO2 ESB
Complex Event Processing with Esper and WSO2 ESB
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networks
 
CyberLab CCEH Session - 3 Scanning Networks
CyberLab CCEH Session - 3 Scanning NetworksCyberLab CCEH Session - 3 Scanning Networks
CyberLab CCEH Session - 3 Scanning Networks
 
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting engine
 
Debs2009 Event Processing Languages Tutorial
Debs2009 Event Processing Languages TutorialDebs2009 Event Processing Languages Tutorial
Debs2009 Event Processing Languages Tutorial
 
Analizadores de Protocolos
Analizadores de ProtocolosAnalizadores de Protocolos
Analizadores de Protocolos
 
Tutoriel esper
Tutoriel esperTutoriel esper
Tutoriel esper
 
Why Data Virtualization Is Good For Big Data Analytics?
Why Data Virtualization Is Good For Big Data Analytics?Why Data Virtualization Is Good For Big Data Analytics?
Why Data Virtualization Is Good For Big Data Analytics?
 
Scanning with nmap
Scanning with nmapScanning with nmap
Scanning with nmap
 
Port Scanning Overview
Port Scanning OverviewPort Scanning Overview
Port Scanning Overview
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanning
 
Optimizing Your SOA with Event Processing
Optimizing Your SOA with Event ProcessingOptimizing Your SOA with Event Processing
Optimizing Your SOA with Event Processing
 
Building Real-time CEP Application with Open Source Projects
Building Real-time CEP Application with Open Source Projects Building Real-time CEP Application with Open Source Projects
Building Real-time CEP Application with Open Source Projects
 

Ähnlich wie Session hijacking

typesofattacks-180418113629.pdf
typesofattacks-180418113629.pdftypesofattacks-180418113629.pdf
typesofattacks-180418113629.pdfsurajthakur474818
 
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEric Vanderburg
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptSHAHID ANSARI
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptSHAHID ANSARI
 
Mobile Application Security - Broken Authentication & Management
Mobile Application Security - Broken Authentication & ManagementMobile Application Security - Broken Authentication & Management
Mobile Application Security - Broken Authentication & ManagementBarrel Software
 
NS-Lec-01&02.ppt
NS-Lec-01&02.pptNS-Lec-01&02.ppt
NS-Lec-01&02.pptahmed127489
 
Network security in computer network for BS
Network security in computer network for BSNetwork security in computer network for BS
Network security in computer network for BS23017156038
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksSam Bowne
 
Introduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxIntroduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxyoufanlimboo
 

Ähnlich wie Session hijacking (20)

Network Attacks
Network AttacksNetwork Attacks
Network Attacks
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
typesofattacks-180418113629.pdf
typesofattacks-180418113629.pdftypesofattacks-180418113629.pdf
typesofattacks-180418113629.pdf
 
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
 
System Security
System SecuritySystem Security
System Security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Mobile Application Security - Broken Authentication & Management
Mobile Application Security - Broken Authentication & ManagementMobile Application Security - Broken Authentication & Management
Mobile Application Security - Broken Authentication & Management
 
Hacking Presentation
Hacking PresentationHacking Presentation
Hacking Presentation
 
Computer security
Computer securityComputer security
Computer security
 
Hunt down the evil of your infrastructure
Hunt down the evil of your infrastructureHunt down the evil of your infrastructure
Hunt down the evil of your infrastructure
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8
 
CNS unit -1.docx
CNS unit -1.docxCNS unit -1.docx
CNS unit -1.docx
 
NS-Lec-01&02.ppt
NS-Lec-01&02.pptNS-Lec-01&02.ppt
NS-Lec-01&02.ppt
 
Network security in computer network for BS
Network security in computer network for BSNetwork security in computer network for BS
Network security in computer network for BS
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer Attacks
 
Practical Network Security
Practical Network SecurityPractical Network Security
Practical Network Security
 
Introduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxIntroduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptx
 

Kürzlich hochgeladen

Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 

Kürzlich hochgeladen (20)

Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 

Session hijacking

  • 1.
  • 2. TOPICS  TCP Concepts-The 3 Way handshake  Session hijacking  Types  Method  Mitigations  Tools  Firesheep
  • 4. What is Session Hijacking ?  Session hijacking is when an attacker gets access to the session state of a legitimate user.  The attacker steals a valid session ID which is used to get into the system and retrieve the data
  • 8. This is Spoofing not Hijacking
  • 10. Types Of Session Hijacking  Predictable session token  Session sniffing  Client side attacks (XSS, malicious JS codes, trojans etc)  Blind Hijack  Man-in-the-middle (MITM)
  • 11. Method (steps)  Place yourself between the victim and the target (you must be able to sniff the network)  Monitor the flow of packets  Predict the sequence number  Optionally kill the connection to the victim’s machine  Take over the session  Start injecting packets to the target server
  • 12. Mitigations  Use a secure HTTPS protocol  Use a VPN when connecting remotely  Protect access to your own networks  Limit exposure to untrusted networks  Educate the employees
  • 13. Tools  Juggernaut  Hunt  TTY Watcher  IP Watcher  T-Sight  Parros HTTP Hijacker  DroidSheep for Android  Firesheep (Firefox addon)
  • 14. Firesheep  Firesheep is a free, open source, and is now available for Mac OS X and Windows.  Linux support is on the way. Find it here- https://github.com/codebutler/firesheep/download s