Session hijacking attack - Revision history

Bill Sempf: Took out empty header

2014-08-14T20:30:35Z

Took out empty header

Alan Jex: Added to subcategory "Exploitation of Authentication"

2011-12-06T22:25:42Z

Added to subcategory "Exploitation of Authentication"

MediaWiki spam cleanup: Reverting to last version not containing links to www.textlaacel.com

2009-05-27T18:31:24Z

Reverting to last version not containing links to www.textlaacel.com

Deleted user at 20:32, 22 May 2009

2009-05-22T20:32:19Z

KirstenS at 11:50, 23 April 2009

2009-04-23T11:50:41Z

KirstenS at 22:57, 7 April 2009

2009-04-07T22:57:18Z

KirstenS at 00:51, 17 February 2009

2009-02-17T00:51:44Z

KirstenS: /* Cross-site script attack */

2009-02-17T00:50:51Z

‎Cross-site script attack

KirstenS: /* Cross-site script attack */

2009-02-17T00:49:51Z

‎Cross-site script attack

KirstenS: /* Description */

2009-02-17T00:49:05Z

‎Description

← Older revision		Revision as of 20:30, 14 August 2014
Line 20:		Line 20:
	* [[Man-in-the-browser attack]]		* [[Man-in-the-browser attack]]

−	~~==Risk Factors==~~
−	~~TBD~~

	==Examples ==		==Examples ==

@@ Line 76: / Line 76: @@
 * http://en.wikipedia.org/wiki/HTTP_cookie
+[[Category:Exploitation of Authentication]]
 [[Category:Attack]]

@@ Line 1: / Line 1: @@
 {{Template:Attack}}
 <br>
@@ Line 10: / Line 9: @@
 The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token.
-Because http communication uses many different TCP connections, the web server needs a method to recognize every userâs connections. The most useful method depends on a token that the Web Server sends to the client browser after a successful client authentication. A session token is normally composed of a string of variable width and it could be used in different ways, like in the URL, in the header of the http requisition as a cookie, in other parts of the header of the http request, or yet in the body of the http requisition.
+Because http communication uses many different TCP connections, the web server needs a method to recognize every user’s connections. The most useful method depends on a token that the Web Server sends to the client browser after a successful client authentication. A session token is normally composed of a string of variable width and it could be used in different ways, like in the URL, in the header of the http requisition as a cookie, in other parts of the header of the http request, or yet in the body of the http requisition.
 The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the Web Server.
@@ Line 29: / Line 28: @@
 ====Session Sniffing====
-In the example, as we can see, first the attacker uses a sniffer to capture a valid token session called âSession IDâ, then he uses the valid token session to gain unauthorized access to the Web Server.
+In the example, as we can see, first the attacker uses a sniffer to capture a valid token session called “Session ID”, then he uses the valid token session to gain unauthorized access to the Web Server.

@@ Line 1: / Line 1: @@
 {{Template:Attack}}
 <br>
@@ Line 9: / Line 10: @@
 The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token.
-Because http communication uses many different TCP connections, the web server needs a method to recognize every user’s connections. The most useful method depends on a token that the Web Server sends to the client browser after a successful client authentication. A session token is normally composed of a string of variable width and it could be used in different ways, like in the URL, in the header of the http requisition as a cookie, in other parts of the header of the http request, or yet in the body of the http requisition.
+Because http communication uses many different TCP connections, the web server needs a method to recognize every userâs connections. The most useful method depends on a token that the Web Server sends to the client browser after a successful client authentication. A session token is normally composed of a string of variable width and it could be used in different ways, like in the URL, in the header of the http requisition as a cookie, in other parts of the header of the http request, or yet in the body of the http requisition.
 The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the Web Server.
@@ Line 28: / Line 29: @@
 ====Session Sniffing====
-In the example, as we can see, first the attacker uses a sniffer to capture a valid token session called “Session ID”, then he uses the valid token session to gain unauthorized access to the Web Server.
+In the example, as we can see, first the attacker uses a sniffer to capture a valid token session called âSession IDâ, then he uses the valid token session to gain unauthorized access to the Web Server.

← Older revision		Revision as of 11:50, 23 April 2009
Line 2:		Line 2:
	<br>		<br>
	[[Category:OWASP ASDR Project]]		[[Category:OWASP ASDR Project]]
		+
		+	Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''

← Older revision		Revision as of 22:57, 7 April 2009
Line 2:		Line 2:
	<br>		<br>
	[[Category:OWASP ASDR Project]]		[[Category:OWASP ASDR Project]]
−	~~[[ASDR Table of Contents]]~~

@@ Line 21: / Line 21: @@
 ==Risk Factors==
 TBD
 ==Examples ==

@@ Line 41: / Line 41: @@
 The attacker can compromise the session token by using malicious code or programs running at the client-side. The example shows how the attacker could use an XSS attack to steal the session token. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker.
-The example in figure 3 uses an XSS attack to show the cookie value of the current session, using the same technique it'ss possible to create a specific Javascript code that will send the cookie to the attacker:
+The example in figure 3 uses an XSS attack to show the cookie value of the current session; using the same technique it's possible to create a specific JavaScript code that will send the cookie to the attacker.
 <SCRIPT>alert(document.cookie);</SCRIPT>

@@ Line 40: / Line 40: @@
 ====Cross-site script attack====
-The attacker can compromise the session token by using malicious code or programs running at the client-side. The example shows how the attacker could use a XSS attack to steal the session token. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker.
+The attacker can compromise the session token by using malicious code or programs running at the client-side. The example shows how the attacker could use an XSS attack to steal the session token. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker.
 The example in figure 3 uses an XSS attack to show the cookie value of the current session, using the same technique it'ss possible to create a specific Javascript code that will send the cookie to the attacker: