SlideShare a Scribd company logo

Session Hijacking ppt

Download as PPTX, PDF
Harsh Kevadia
Harsh Kevadia

This is seminar topic of engineering student. For more detail visit www.kevadiyaharsh.blogspot.com and here you can get report also.

EducationTechnology
1 of 21
Session Hijacking Theft On The Web By Mr. Kevadiya Harsh j. 1 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Outline  Session Hijacking  Difference Between Spoofing and Hijacking  Types of Session Hijacking  Network and Application Level of Session Hijacking  Steps to Conduct a Session Hijacking Attack  Session Hijacking Tools  Detection and Prevention of Session Hijacking 2 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
What Is Session Hijacking  Session Hijacking is when an attacker gets access to the session state of a particular user.  The attacker steals a valid session ID which is used to get into the system and snoop the data.  WhatsApp Sniffer is popular Session Hijacking attack.  Session Hijacking first attack on Christmas day 1994 by Kevin Mitnick when http 0.9 was release. 3 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Spoofing vs. Hijacking  Spoofing : 4 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Spoofing vs. Hijacking(cont’d)  Hijacking: 5 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Types of Session Hijacking  There are 2 types of Session Hijacking 1) Active : In an active attack, an attacker finds an active session and takes over. 2) Passive : With passive attack, an attacker hijacks a session, but sits back, and watches and records all the traffic that is being sent forth. 6 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Session Hijacking Levels  Session hijacking takes place at two levels: 1. Network Level: Network level can be defined as the interception of the packets during the transmission between client and the server in a TCP and UDP session 2. Application Level: Application level is about gaining control on HTTP user session by obtaining the session ID’s 7 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Network Level  Network level session hijacking is particularly attractive to hackers because it provides some critical information to the attacker which is used to attack application level sessions  Network level hijacking includes:  TCP/IP Hijacking  IP Spoofing: Source Routed Packets  RST Hijacking  Blind Hijacking  Man in the Middle: Packet Sniffer  UDP Hijacking 8 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
9/28/2013 8:53 AM By Kevadiya Harsh Guided by Prof.Mayuri Mehta ‹#›
IP Spoofing: Source Routed Packets  IP spoofing is “a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.” 10 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
9/28/2013 8:53 AM By Kevadiya Harsh Guided by Prof.Mayuri Mehta ‹#›
Blind Hijacking  In blind hijacking, an attacker injects data such as malicious commands into intercepted communications between two hosts.  The hacker can send the data or comments but has no access to see the response. 12 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Man in the Middle: Packet Sniffer (MITM) and UDP Hijacking  In this attack, the packet sniffer is used to interface between the client and the server.  The packets between the client and the server are routed through the hijacker’s host by using two techniques: 1. Internet Control Message Protocol (ICMP) 2. ARP spoofing  UDP Hijacking: Man in the Middle attack in the UDP hijacking can minimize the task of the attacker. 13 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Application Level Session Hijacking  In this level, the hacker gains the session ID’s to get control of the existing session or even create a new unauthorized session  Application level session hijacking includes:  Obtaining Session ID’s  Sniffing  Brute Force  Misdirected Trust 14 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Implements  There is a well-known saying that “Ideas without implementation is hallucination.” 15 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Session Hijacking Tools  WireShark: sniffing packets  Juggernaut: Linux base, Flow across the network  Hunt: Unix base, sequence number prediction  TTY Watcher: sun, monitor and control users system  IP Watcher: commercial Software  T-Sight : Windows , Commercial software  Paros HTTP Hijacker: spidering, proxy-chaining, filtering, application vulnerability scanning.  Hjksuite Tool:  DnsHijacker Tool and many open source scripts like cookie injector. 16 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Detection of Session Hijacking  Why we want to detect? 17 Detection Method Manual Method Automatic Method Using Packet Sniffing Software Intrusion detection systems (IDS) intrusion prevention systems (IPS)Normal Telnet Session Forcing an ARP Entry By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Prevention of Session Hijacking  There are mainly four methods to prevent session hijacking: 1. Encryption 2. Connections 3. Anti-virus Software 4. Employee education 18 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Conclusion  Protecting network sessions that carry sensitive and important data such as credit card numbers, bank transactions, and administrative server commands is an important first step at improving the security posture of your organization.  Secure session tracking should not rely on either cookies or ssl session-ids alone, but rather a combination of these two plus many more factors. Airlock detects and prevents session hijacking by continuously checking this fingerprint of a users requests. 19 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
References  Mark Lin “An Overview of Session Hijacking at the Network and Application Levels,” SANS institute 2005.  Paul Jess, “Session Hijacking in Windows Networks” Richard Wanner, SANS Institute , 2006.  Laxman Vishnoi and Monika Agrwal, “Session hijacking and its countermeasure” 2013.  Dinesh Yadav and Anjali Sardana,” Enhanced 3-Way Handshake Protocol for Key Exchange in IEEE 802.11i”  Bo Li and Shen-juan LV “The Application Research of Cookies in Network Security”  Faheem Fayyaz and Hamza Rasheed “Using JPCAP to prevent man-in-the-middle attacks in a local area network environment”  Joon S. Park and Ravi Sandhu “Secure Cookies on the Web” George Mason University  Hulusi Onder “Session Hijacking Attacks in Wireless Local Area Networks” Monterey, California , March 2004  Italo Dacosta, Saurabh Chakradeo, Mustaque Ahamad and Patrick Traynor “One-Time Cookies: Preventing Session Hijacking Attacks with Stateless Authentication Tokens”  Huyam AL-Amro and Eyas El-Qawasmeh “Discovering Security Vulnerabilities And Leaks In ASP.NET Websites”  Preecha Noiumkar "Top 10 Free Web-Mail Security Test Using Session Hijacking”  Sheng Pang, Changjia Chen, Jinkang jia” Session Hijack in the Great Firewall of China”  Kevin Lam, David LeBlanc, and Ben Smith (2005). Prevent Session Hijacking [Online]. Available: http://technet.microsoft.com/en- us/magazine/2005.01.sessionhijacking.aspx  Definition of Session Hijacking [Online]. Available: http://hitachi-id.com/concepts/session_hijacking.html  Session Hijacking [Online]. Available: http://en.wikipedia.org/wiki/Session_hijacking  Anim Saxena (Jan 23, 2013) Session Hijacking and Web based Attacks [Online]. Available: https://supportforums.cisco.com/community/netpro/security/web/blog/2013/01/23/session-hicjacking-and-some-web-based-attacks  Luke Millanta (Friday 23 August 2013). How to: Understanding session hijacking [Online]. Available: http://www.pcauthority.com.au/Feature/354468,how-to-understanding-session-hijacking.aspx 20 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
Thank You….. Q/A! 21 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM

Recommended

Session hijacking
Session hijackingSession hijacking
Session hijackingGayatri Kapse
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Email Forensics
Email ForensicsEmail Forensics
Email ForensicsGol D Roger
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryDaniel Miessler
 
Session Hijacking
Session HijackingSession Hijacking
Session Hijackingn|u - The Open Security Community
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 

Recommended

Session hijacking
Session hijackingSession hijacking
Session hijackingGayatri Kapse
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security ArchitectureBharathiKrishna6
 
Email Forensics
Email ForensicsEmail Forensics
Email ForensicsGol D Roger
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryDaniel Miessler
 
Session Hijacking
Session HijackingSession Hijacking
Session Hijackingn|u - The Open Security Community
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacksStefan Fodor
 
Brute force attack
Brute force attackBrute force attack
Brute force attackjoycruiser
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Module 6 Session Hijacking
Module 6 Session HijackingModule 6 Session Hijacking
Module 6 Session Hijackingleminhvuong
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and DistributionSyed Bahadur Shah
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Digital certificates
Digital certificates Digital certificates
Digital certificates Sheetal Verma
 
Man in the middle
Man in the middleMan in the middle
Man in the middleAhmadThaqifAimanAhma
 
Port Scanning
Port ScanningPort Scanning
Port Scanningamiable_indian
 
Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffersleminhvuong
 
Encryption
EncryptionEncryption
Encryptionvasanthimuniasamy
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptxPradeepKumar728006
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itlavakumar Thatisetti
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
sessionhijacking-130928105302-phpapp02.pptx
sessionhijacking-130928105302-phpapp02.pptxsessionhijacking-130928105302-phpapp02.pptx
sessionhijacking-130928105302-phpapp02.pptxkotapallysritej
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hackingVishal Kumar
 

More Related Content

What's hot

Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacksStefan Fodor
 
Brute force attack
Brute force attackBrute force attack
Brute force attackjoycruiser
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Module 6 Session Hijacking
Module 6 Session HijackingModule 6 Session Hijacking
Module 6 Session Hijackingleminhvuong
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and DistributionSyed Bahadur Shah
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system pptSheetal Verma
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementationajeet singh
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Digital certificates
Digital certificates Digital certificates
Digital certificates Sheetal Verma
 
Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffersleminhvuong
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptxPradeepKumar728006
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itlavakumar Thatisetti
 

What's hot (20)

Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacks
 
Brute force attack
Brute force attackBrute force attack
Brute force attack
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
 
Module 6 Session Hijacking
Module 6 Session HijackingModule 6 Session Hijacking
Module 6 Session Hijacking
 
System hacking
System hackingSystem hacking
System hacking
 
Key Management and Distribution
Key Management and DistributionKey Management and Distribution
Key Management and Distribution
 
User authentication
User authenticationUser authentication
User authentication
 
Intrusion detection system ppt
Intrusion detection system pptIntrusion detection system ppt
Intrusion detection system ppt
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Digital certificates
Digital certificates Digital certificates
Digital certificates
 
Man in the middle
Man in the middleMan in the middle
Man in the middle
 
Port Scanning
Port ScanningPort Scanning
Port Scanning
 
Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffers
 
Encryption
EncryptionEncryption
Encryption
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptx
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in it
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 

Similar to Session Hijacking ppt

sessionhijacking-130928105302-phpapp02.pptx
sessionhijacking-130928105302-phpapp02.pptxsessionhijacking-130928105302-phpapp02.pptx
sessionhijacking-130928105302-phpapp02.pptxkotapallysritej
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hackingVishal Kumar
 
Ethical hacking for information security
Ethical hacking for information securityEthical hacking for information security
Ethical hacking for information securityJayanth Vinay
 
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKSLATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKSIJCNCJournal
 
ethicalhacking-140929012151-phpapp02.pdf
ethicalhacking-140929012151-phpapp02.pdfethicalhacking-140929012151-phpapp02.pdf
ethicalhacking-140929012151-phpapp02.pdf722820106121SARANS
 
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...IOSR Journals
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingCSITiaesprime
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptSHAHID ANSARI
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptSHAHID ANSARI
 
ethical hacking report
ethical hacking report ethical hacking report
ethical hacking reportAkhilesh Patel
 
Multilevel Security and Authentication System
Multilevel Security and Authentication SystemMultilevel Security and Authentication System
Multilevel Security and Authentication Systempaperpublications3
 
Analytical Study on Network Security Breach’s
Analytical Study on Network Security Breach’sAnalytical Study on Network Security Breach’s
Analytical Study on Network Security Breach’sijtsrd
 
Ethical hacking interview questions and answers
Ethical hacking interview questions and answersEthical hacking interview questions and answers
Ethical hacking interview questions and answersShivamSharma909
 
Vol 6 No 1 - October 2013
Vol 6 No 1 - October 2013Vol 6 No 1 - October 2013
Vol 6 No 1 - October 2013ijcsbi
 
CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityHome
 
network security ppt.pptx
network security ppt.pptxnetwork security ppt.pptx
network security ppt.pptxKellyIsaac3
 

Similar to Session Hijacking ppt (20)

sessionhijacking-130928105302-phpapp02.pptx
sessionhijacking-130928105302-phpapp02.pptxsessionhijacking-130928105302-phpapp02.pptx
sessionhijacking-130928105302-phpapp02.pptx
 
Introduction ethical hacking
Introduction ethical hackingIntroduction ethical hacking
Introduction ethical hacking
 
Ethical hacking for information security
Ethical hacking for information securityEthical hacking for information security
Ethical hacking for information security
 
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKSLATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS
 
ethicalhacking-140929012151-phpapp02.pdf
ethicalhacking-140929012151-phpapp02.pdfethicalhacking-140929012151-phpapp02.pdf
ethicalhacking-140929012151-phpapp02.pdf
 
CYBER SECUIRTY PRESENTATION.pptx
CYBER SECUIRTY PRESENTATION.pptxCYBER SECUIRTY PRESENTATION.pptx
CYBER SECUIRTY PRESENTATION.pptx
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
Detection of Session Hijacking and IP Spoofing Using Sensor Nodes and Cryptog...
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testing
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
ethical hacking report
ethical hacking report ethical hacking report
ethical hacking report
 
Multilevel Security and Authentication System
Multilevel Security and Authentication SystemMultilevel Security and Authentication System
Multilevel Security and Authentication System
 
Analytical Study on Network Security Breach’s
Analytical Study on Network Security Breach’sAnalytical Study on Network Security Breach’s
Analytical Study on Network Security Breach’s
 
Ethical hacking interview questions and answers
Ethical hacking interview questions and answersEthical hacking interview questions and answers
Ethical hacking interview questions and answers
 
Integrated honeypot
Integrated honeypotIntegrated honeypot
Integrated honeypot
 
Vol 6 No 1 - October 2013
Vol 6 No 1 - October 2013Vol 6 No 1 - October 2013
Vol 6 No 1 - October 2013
 
CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurity
 
my new HACKING
my new HACKINGmy new HACKING
my new HACKING
 
network security ppt.pptx
network security ppt.pptxnetwork security ppt.pptx
network security ppt.pptx
 

Recently uploaded

Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxMaryGraceBautista27
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxnelietumpap1
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 

Recently uploaded (20)

Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptx
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 

Session Hijacking ppt

  • 1. Session Hijacking Theft On The Web By Mr. Kevadiya Harsh j. 1 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 2. Outline  Session Hijacking  Difference Between Spoofing and Hijacking  Types of Session Hijacking  Network and Application Level of Session Hijacking  Steps to Conduct a Session Hijacking Attack  Session Hijacking Tools  Detection and Prevention of Session Hijacking 2 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 3. What Is Session Hijacking  Session Hijacking is when an attacker gets access to the session state of a particular user.  The attacker steals a valid session ID which is used to get into the system and snoop the data.  WhatsApp Sniffer is popular Session Hijacking attack.  Session Hijacking first attack on Christmas day 1994 by Kevin Mitnick when http 0.9 was release. 3 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 4. Spoofing vs. Hijacking  Spoofing : 4 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 5. Spoofing vs. Hijacking(cont’d)  Hijacking: 5 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 6. Types of Session Hijacking  There are 2 types of Session Hijacking 1) Active : In an active attack, an attacker finds an active session and takes over. 2) Passive : With passive attack, an attacker hijacks a session, but sits back, and watches and records all the traffic that is being sent forth. 6 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 7. Session Hijacking Levels  Session hijacking takes place at two levels: 1. Network Level: Network level can be defined as the interception of the packets during the transmission between client and the server in a TCP and UDP session 2. Application Level: Application level is about gaining control on HTTP user session by obtaining the session ID’s 7 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 8. Network Level  Network level session hijacking is particularly attractive to hackers because it provides some critical information to the attacker which is used to attack application level sessions  Network level hijacking includes:  TCP/IP Hijacking  IP Spoofing: Source Routed Packets  RST Hijacking  Blind Hijacking  Man in the Middle: Packet Sniffer  UDP Hijacking 8 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 9. 9/28/2013 8:53 AM By Kevadiya Harsh Guided by Prof.Mayuri Mehta ‹#›
  • 10. IP Spoofing: Source Routed Packets  IP spoofing is “a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.” 10 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 11. 9/28/2013 8:53 AM By Kevadiya Harsh Guided by Prof.Mayuri Mehta ‹#›
  • 12. Blind Hijacking  In blind hijacking, an attacker injects data such as malicious commands into intercepted communications between two hosts.  The hacker can send the data or comments but has no access to see the response. 12 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 13. Man in the Middle: Packet Sniffer (MITM) and UDP Hijacking  In this attack, the packet sniffer is used to interface between the client and the server.  The packets between the client and the server are routed through the hijacker’s host by using two techniques: 1. Internet Control Message Protocol (ICMP) 2. ARP spoofing  UDP Hijacking: Man in the Middle attack in the UDP hijacking can minimize the task of the attacker. 13 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 14. Application Level Session Hijacking  In this level, the hacker gains the session ID’s to get control of the existing session or even create a new unauthorized session  Application level session hijacking includes:  Obtaining Session ID’s  Sniffing  Brute Force  Misdirected Trust 14 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 15. Implements  There is a well-known saying that “Ideas without implementation is hallucination.” 15 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 16. Session Hijacking Tools  WireShark: sniffing packets  Juggernaut: Linux base, Flow across the network  Hunt: Unix base, sequence number prediction  TTY Watcher: sun, monitor and control users system  IP Watcher: commercial Software  T-Sight : Windows , Commercial software  Paros HTTP Hijacker: spidering, proxy-chaining, filtering, application vulnerability scanning.  Hjksuite Tool:  DnsHijacker Tool and many open source scripts like cookie injector. 16 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 17. Detection of Session Hijacking  Why we want to detect? 17 Detection Method Manual Method Automatic Method Using Packet Sniffing Software Intrusion detection systems (IDS) intrusion prevention systems (IPS)Normal Telnet Session Forcing an ARP Entry By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 18. Prevention of Session Hijacking  There are mainly four methods to prevent session hijacking: 1. Encryption 2. Connections 3. Anti-virus Software 4. Employee education 18 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 19. Conclusion  Protecting network sessions that carry sensitive and important data such as credit card numbers, bank transactions, and administrative server commands is an important first step at improving the security posture of your organization.  Secure session tracking should not rely on either cookies or ssl session-ids alone, but rather a combination of these two plus many more factors. Airlock detects and prevents session hijacking by continuously checking this fingerprint of a users requests. 19 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 20. References  Mark Lin “An Overview of Session Hijacking at the Network and Application Levels,” SANS institute 2005.  Paul Jess, “Session Hijacking in Windows Networks” Richard Wanner, SANS Institute , 2006.  Laxman Vishnoi and Monika Agrwal, “Session hijacking and its countermeasure” 2013.  Dinesh Yadav and Anjali Sardana,” Enhanced 3-Way Handshake Protocol for Key Exchange in IEEE 802.11i”  Bo Li and Shen-juan LV “The Application Research of Cookies in Network Security”  Faheem Fayyaz and Hamza Rasheed “Using JPCAP to prevent man-in-the-middle attacks in a local area network environment”  Joon S. Park and Ravi Sandhu “Secure Cookies on the Web” George Mason University  Hulusi Onder “Session Hijacking Attacks in Wireless Local Area Networks” Monterey, California , March 2004  Italo Dacosta, Saurabh Chakradeo, Mustaque Ahamad and Patrick Traynor “One-Time Cookies: Preventing Session Hijacking Attacks with Stateless Authentication Tokens”  Huyam AL-Amro and Eyas El-Qawasmeh “Discovering Security Vulnerabilities And Leaks In ASP.NET Websites”  Preecha Noiumkar "Top 10 Free Web-Mail Security Test Using Session Hijacking”  Sheng Pang, Changjia Chen, Jinkang jia” Session Hijack in the Great Firewall of China”  Kevin Lam, David LeBlanc, and Ben Smith (2005). Prevent Session Hijacking [Online]. Available: http://technet.microsoft.com/en- us/magazine/2005.01.sessionhijacking.aspx  Definition of Session Hijacking [Online]. Available: http://hitachi-id.com/concepts/session_hijacking.html  Session Hijacking [Online]. Available: http://en.wikipedia.org/wiki/Session_hijacking  Anim Saxena (Jan 23, 2013) Session Hijacking and Web based Attacks [Online]. Available: https://supportforums.cisco.com/community/netpro/security/web/blog/2013/01/23/session-hicjacking-and-some-web-based-attacks  Luke Millanta (Friday 23 August 2013). How to: Understanding session hijacking [Online]. Available: http://www.pcauthority.com.au/Feature/354468,how-to-understanding-session-hijacking.aspx 20 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM
  • 21. Thank You….. Q/A! 21 By Kevadiya Harsh Guided by Prof.Mayuri Mehta 9/28/2013 8:53 AM