Web13: Session Hijacking Hacking Techniques
1. Cause
After each successful login, the session is re-established and receives a new session ID. If an attacker learns this session ID, the attacker can access the application as that user. There are many ways for an attacker to obtain the session ID and take over the user's session, for example a man-in-the-middle attack that eavesdrops on the traffic and steals the session ID, or exploiting an XSS flaw in the application to read the user's session ID.
2. Exploitation methods
Session Sniffing
As the figure shows, the attacker first uses a sniffer tool to capture the victim's valid session ID, then presents that session ID to the web server to act with the victim's privileges.
Cross-site script attack
An attacker can obtain the victim's session ID by means of malicious code that runs on the client side, such as JavaScript. If a website has an XSS vulnerability, an attacker can craft a link containing malicious JavaScript code and send it to the victim. If the victim clicks on this link, the victim's session cookie is sent to the attacker.
3. Prevention
The following methods can be used to prevent Session Hijacking:
- Use HTTPS for data transmission to prevent eavesdropping.
- Use a large random string or number as the session ID to limit the success of a brute-force attack.
- Regenerate the session ID after each successful user login, to prevent Session Fixation attacks.
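The three measures above in working code, as an added example that is not part of the original article: a high-entropy session ID from `secrets`, rotation of the ID at login so a pre-set (fixated) ID never becomes authenticated, and a `Secure` cookie so the ID is only sent over HTTPS. The `HttpOnly` attribute is also set; the article does not list it, but it stops client-side script from reading the cookie in the XSS scenario described above. The `SessionStore` class and its in-memory dict are assumptions for the demo, not a real framework's API.

```python
import secrets
from http.cookies import SimpleCookie

# 32 random bytes = 256 bits of entropy; brute-forcing this space is infeasible.
SESSION_ID_BYTES = 32


class SessionStore:
    """Minimal in-memory session store (assumed for this demo, not a real framework)."""

    def __init__(self):
        self._sessions = {}  # session_id -> session data

    @staticmethod
    def new_session_id():
        # Cryptographically secure, URL-safe random token (43 chars for 32 bytes).
        return secrets.token_urlsafe(SESSION_ID_BYTES)

    def create(self):
        """Anonymous session for a visitor who has not logged in yet."""
        sid = self.new_session_id()
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def login(self, old_sid, user):
        """Bind the user to a fresh session ID and invalidate the old one.

        Rotating the ID here defeats session fixation: an ID the attacker
        planted before login (old_sid) is discarded rather than promoted.
        """
        data = self._sessions.pop(old_sid, {"user": None})
        data["user"] = user
        new_sid = self.new_session_id()
        self._sessions[new_sid] = data
        return new_sid


def session_cookie(sid):
    """Build the Set-Cookie value: Secure restricts it to HTTPS, HttpOnly hides it from JS."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["secure"] = True
    cookie["sid"]["httponly"] = True
    cookie["sid"]["path"] = "/"
    return cookie.output(header="").strip()


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create()
    authed = store.login(anon, "alice")
    print(session_cookie(authed))
</test>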
Wish you get more knowledge after each lesson with TipsMake.com!