Tuesday, July 15, 2008

Session hijacking

Imperva defines session hijacking as "the act of taking control of a user session after successfully obtaining or generating an authentication session ID... involves an attacker using captured, brute forced or reverse-engineered session IDs to seize control of a legitimate user's Web application session while that session is still in progress".
I demonstrate session hijacking using a combination of tools called Ferret and Hamster as well as my own private wireless network. No neighbours or wireless users were harmed during this recording. The use of Internet Explorer is to simulate another party (i.e. the "victim") sharing the same open wireless network (e.g. free wireless at Starbucks). Ferret sniffs the unencrypted traffic in the air and collects useful information into a text file. From Firefox, I access Gmail to show the login page and verify that I did not cheat by logging in earlier. Hamster is then utilised to present web session-related information in the form of hyperlinks, which I click to give me (i.e. the "attacker") easy access to active sessions. Voilà! You have been hijacked!

The higher res version of this demo can be downloaded here.

To avoid being hijacked, avoid logging into websites that do not support HTTPS on open wireless networks. If you don't want to be snooped on, don't use public networks, period.
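From the site operator's side, the same exposure can be checked in the responses a web application sends. The following is an added example, not part of the original post or of Ferret/Hamster: it assumes the session ID travels in a cookie and flags cookies that would cross the network unencrypted. The URLs, cookie names and values are constructed samples.

```python
from urllib.parse import urlsplit

PLAIN_HTTP = "set over plain HTTP: visible to anyone sniffing the network"
NO_SECURE = "no Secure attribute: browser will also send it over plain HTTP"


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(url, headers):
    """List (cookie, finding) pairs for cookies exposed to passive sniffing.

    url     -- URL the response was served from
    headers -- list of (header name, header value) tuples
    """
    scheme = urlsplit(url).scheme.lower()
    findings = []
    for header_name, header_value in headers:
        if header_name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(header_value)
        if scheme != "https":
            # Secure cannot help here: the cookie already crossed in the clear.
            findings.append((cookie, PLAIN_HTTP))
        elif "secure" not in attrs:
            findings.append((cookie, NO_SECURE))
    return findings


# Constructed sample responses (hypothetical host, not captured traffic).
SAMPLES = [
    ("https://mail.example.test/login", [
        ("Content-Type", "text/html"),
        ("Set-Cookie", "SID=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "PREF=en; Path=/; Secure"),
    ]),
    ("http://mail.example.test/inbox", [
        ("Set-Cookie", "SID2=def456; Path=/; Secure"),
    ]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        for cookie, finding in audit_response(url, headers):
            print(f"{url}: {cookie}: {finding}")
```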
