SlideShare una empresa de Scribd logo

Session hijacking

Descargar como PPTX, PDF
Vishal Punjabi
Vishal Punjabi
Tecnología
1 de 14
TOPICS  TCP Concepts-The 3 Way handshake  Session hijacking  Types  Method  Mitigations  Tools  Firesheep
The 3-way Handshake
What is Session Hijacking ?  Session hijacking is when an attacker gets access to the session state of a legitimate user.  The attacker steals a valid session ID which is used to get into the system and retrieve the data
3-Way Handshake
Session Hijacking
Session Hijacking
This is Spoofing not Hijacking
This is Hijacking
Types Of Session Hijacking  Predictable session token  Session sniffing  Client side attacks (XSS, malicious JS codes, trojans etc)  Blind Hijack  Man-in-the-middle (MITM)
Method (steps)  Place yourself between the victim and the target (you must be able to sniff the network)  Monitor the flow of packets  Predict the sequence number  Optionally kill the connection to the victim’s machine  Take over the session  Start injecting packets to the target server
Mitigations  Use a secure HTTPS protocol  Use a VPN when connecting remotely  Protect access to your own networks  Limit exposure to untrusted networks  Educate the employees
Tools  Juggernaut  Hunt  TTY Watcher  IP Watcher  T-Sight  Parros HTTP Hijacker  DroidSheep for Android  Firesheep (Firefox addon)
Firesheep  Firesheep is a free, open source, and is now available for Mac OS X and Windows.  Linux support is on the way. Find it here- https://github.com/codebutler/firesheep/download s

Recomendados

Session Hijacking
Session HijackingSession Hijacking
Session Hijackingn|u - The Open Security Community
 
Session Hijacking ppt
Session Hijacking pptSession Hijacking ppt
Session Hijacking pptHarsh Kevadia
 
Session hijacking
Session hijackingSession hijacking
Session hijackingPushpinder Singh Joshi
 
Module 6 Session Hijacking
Module 6 Session HijackingModule 6 Session Hijacking
Module 6 Session Hijackingleminhvuong
 
Module 10 (session hijacking)
Module 10 (session hijacking)Module 10 (session hijacking)
Module 10 (session hijacking)Wail Hassan
 
Session hijacking by rahul tyagi
Session hijacking by rahul tyagiSession hijacking by rahul tyagi
Session hijacking by rahul tyagiamansyal
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Man in the middle
Man in the middleMan in the middle
Man in the middleAhmadThaqifAimanAhma
 

Recomendados

Session Hijacking
Session HijackingSession Hijacking
Session Hijackingn|u - The Open Security Community
 
Session Hijacking ppt
Session Hijacking pptSession Hijacking ppt
Session Hijacking pptHarsh Kevadia
 
Session hijacking
Session hijackingSession hijacking
Session hijackingPushpinder Singh Joshi
 
Module 6 Session Hijacking
Module 6 Session HijackingModule 6 Session Hijacking
Module 6 Session Hijackingleminhvuong
 
Module 10 (session hijacking)
Module 10 (session hijacking)Module 10 (session hijacking)
Module 10 (session hijacking)Wail Hassan
 
Session hijacking by rahul tyagi
Session hijacking by rahul tyagiSession hijacking by rahul tyagi
Session hijacking by rahul tyagiamansyal
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle AttackDeepak Upadhyay
 
Man in the middle
Man in the middleMan in the middle
Man in the middleAhmadThaqifAimanAhma
 
Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)Togis UAB Ltd
 
Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)Togis UAB Ltd
 
Cit877[1]
Cit877[1]Cit877[1]
Cit877[1]poonamjindal6
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3 WE-IT TUTORIALS
 
Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Balvinder Singh
 
Net Sec
Net SecNet Sec
Net Secbackdoor
 
Enhancement in network security with security protocols
Enhancement in network security with security protocolsEnhancement in network security with security protocols
Enhancement in network security with security protocolseSAT Journals
 
Enhancement in network security with security
Enhancement in network security with securityEnhancement in network security with security
Enhancement in network security with securityeSAT Publishing House
 
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANAvoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANEditor IJCATR
 
The Road Network security
The Road Network securityThe Road Network security
The Road Network securityKhaled Omar
 
Web spoofing hacking
Web spoofing hackingWeb spoofing hacking
Web spoofing hackingjignesh khunt
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Web spoofing
Web spoofingWeb spoofing
Web spoofingkondalarao7
 
Communication security
Communication securityCommunication security
Communication securitySotheavy Nhoung
 
Spoofing
SpoofingSpoofing
SpoofingSanjeev
 
Threshold cryptography
Threshold cryptographyThreshold cryptography
Threshold cryptographyMohibullah Saail
 
Protecting wireless networks aka wireless hacking
Protecting wireless networks aka wireless hackingProtecting wireless networks aka wireless hacking
Protecting wireless networks aka wireless hackingSaptha Wanniarachchi
 
Unit 1
Unit 1Unit 1
Unit 1Vinod Kumar Gorrepati
 
Tutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing PatternsTutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing PatternsOpher Etzion
 
Reactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream ProcessingReactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream ProcessingAndy Piper
 
Debs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processingDebs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processingOpher Etzion
 

Más contenido relacionado

La actualidad más candente

Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)Hemal Joshi
 
Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)Togis UAB Ltd
 
Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)Togis UAB Ltd
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3 WE-IT TUTORIALS
 
Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Balvinder Singh
 
Enhancement in network security with security protocols
Enhancement in network security with security protocolsEnhancement in network security with security protocols
Enhancement in network security with security protocolseSAT Journals
 
Enhancement in network security with security
Enhancement in network security with securityEnhancement in network security with security
Enhancement in network security with securityeSAT Publishing House
 
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANAvoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANEditor IJCATR
 
The Road Network security
The Road Network securityThe Road Network security
The Road Network securityKhaled Omar
 
Web spoofing hacking
Web spoofing hackingWeb spoofing hacking
Web spoofing hackingjignesh khunt
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Spoofing
SpoofingSpoofing
SpoofingSanjeev
 
Protecting wireless networks aka wireless hacking
Protecting wireless networks aka wireless hackingProtecting wireless networks aka wireless hacking
Protecting wireless networks aka wireless hackingSaptha Wanniarachchi
 

La actualidad más candente (19)

Man in the middle attack (mitm)
Man in the middle attack (mitm)Man in the middle attack (mitm)
Man in the middle attack (mitm)
 
Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)
 
Man in-the-middle attack(http)
Man in-the-middle attack(http)Man in-the-middle attack(http)
Man in-the-middle attack(http)
 
Cit877[1]
Cit877[1]Cit877[1]
Cit877[1]
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3
 
Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)Unauthorized access, Men in the Middle (MITM)
Unauthorized access, Men in the Middle (MITM)
 
Net Sec
Net SecNet Sec
Net Sec
 
Enhancement in network security with security protocols
Enhancement in network security with security protocolsEnhancement in network security with security protocols
Enhancement in network security with security protocols
 
Enhancement in network security with security
Enhancement in network security with securityEnhancement in network security with security
Enhancement in network security with security
 
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LANAvoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
Avoiding Man in the Middle Attack Based on ARP Spoofing in the LAN
 
The Road Network security
The Road Network securityThe Road Network security
The Road Network security
 
Web spoofing hacking
Web spoofing hackingWeb spoofing hacking
Web spoofing hacking
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
 
Web spoofing
Web spoofingWeb spoofing
Web spoofing
 
Communication security
Communication securityCommunication security
Communication security
 
Spoofing
SpoofingSpoofing
Spoofing
 
Threshold cryptography
Threshold cryptographyThreshold cryptography
Threshold cryptography
 
Protecting wireless networks aka wireless hacking
Protecting wireless networks aka wireless hackingProtecting wireless networks aka wireless hacking
Protecting wireless networks aka wireless hacking
 
Unit 1
Unit 1Unit 1
Unit 1
 

Destacado

Tutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing PatternsTutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing PatternsOpher Etzion
 
Reactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream ProcessingReactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream ProcessingAndy Piper
 
Debs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processingDebs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processingOpher Etzion
 
Installing Complex Event Processing On Linux
Installing Complex Event Processing On LinuxInstalling Complex Event Processing On Linux
Installing Complex Event Processing On LinuxOsama Mustafa
 
Comparative Analysis of Personal Firewalls
Comparative Analysis of Personal FirewallsComparative Analysis of Personal Firewalls
Comparative Analysis of Personal FirewallsAndrej Šimko
 
Access control attacks by nor liyana binti azman
Access control attacks by nor liyana binti azmanAccess control attacks by nor liyana binti azman
Access control attacks by nor liyana binti azmanHafiza Abas
 
Chapter 12
Chapter 12Chapter 12
Chapter 12cclay3
 
Complex Event Processing with Esper and WSO2 ESB
Complex Event Processing with Esper and WSO2 ESBComplex Event Processing with Esper and WSO2 ESB
Complex Event Processing with Esper and WSO2 ESBPrabath Siriwardena
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksAsep Sopyan
 
CyberLab CCEH Session - 3 Scanning Networks
CyberLab CCEH Session - 3 Scanning NetworksCyberLab CCEH Session - 3 Scanning Networks
CyberLab CCEH Session - 3 Scanning NetworksCyberLab
 
Debs2009 Event Processing Languages Tutorial
Debs2009 Event Processing Languages TutorialDebs2009 Event Processing Languages Tutorial
Debs2009 Event Processing Languages TutorialOpher Etzion
 
Analizadores de Protocolos
Analizadores de ProtocolosAnalizadores de Protocolos
Analizadores de ProtocolosMilton Muñoz
 
Why Data Virtualization Is Good For Big Data Analytics?
Why Data Virtualization Is Good For Big Data Analytics?Why Data Virtualization Is Good For Big Data Analytics?
Why Data Virtualization Is Good For Big Data Analytics?Tyrone Systems
 
Scanning with nmap
Scanning with nmapScanning with nmap
Scanning with nmapcommiebstrd
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanningleminhvuong
 
Optimizing Your SOA with Event Processing
Optimizing Your SOA with Event ProcessingOptimizing Your SOA with Event Processing
Optimizing Your SOA with Event ProcessingTim Bass
 
Building Real-time CEP Application with Open Source Projects
Building Real-time CEP Application with Open Source Projects Building Real-time CEP Application with Open Source Projects
Building Real-time CEP Application with Open Source Projects Ted Won
 

Destacado (20)

Tutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing PatternsTutorial in DEBS 2008 - Event Processing Patterns
Tutorial in DEBS 2008 - Event Processing Patterns
 
Reactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream ProcessingReactconf 2014 - Event Stream Processing
Reactconf 2014 - Event Stream Processing
 
Debs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processingDebs 2011 tutorial on non functional properties of event processing
Debs 2011 tutorial on non functional properties of event processing
 
Installing Complex Event Processing On Linux
Installing Complex Event Processing On LinuxInstalling Complex Event Processing On Linux
Installing Complex Event Processing On Linux
 
Comparative Analysis of Personal Firewalls
Comparative Analysis of Personal FirewallsComparative Analysis of Personal Firewalls
Comparative Analysis of Personal Firewalls
 
Access control attacks by nor liyana binti azman
Access control attacks by nor liyana binti azmanAccess control attacks by nor liyana binti azman
Access control attacks by nor liyana binti azman
 
Chapter 12
Chapter 12Chapter 12
Chapter 12
 
Complex Event Processing with Esper and WSO2 ESB
Complex Event Processing with Esper and WSO2 ESBComplex Event Processing with Esper and WSO2 ESB
Complex Event Processing with Esper and WSO2 ESB
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networks
 
CyberLab CCEH Session - 3 Scanning Networks
CyberLab CCEH Session - 3 Scanning NetworksCyberLab CCEH Session - 3 Scanning Networks
CyberLab CCEH Session - 3 Scanning Networks
 
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting engine
 
Debs2009 Event Processing Languages Tutorial
Debs2009 Event Processing Languages TutorialDebs2009 Event Processing Languages Tutorial
Debs2009 Event Processing Languages Tutorial
 
Analizadores de Protocolos
Analizadores de ProtocolosAnalizadores de Protocolos
Analizadores de Protocolos
 
Tutoriel esper
Tutoriel esperTutoriel esper
Tutoriel esper
 
Why Data Virtualization Is Good For Big Data Analytics?
Why Data Virtualization Is Good For Big Data Analytics?Why Data Virtualization Is Good For Big Data Analytics?
Why Data Virtualization Is Good For Big Data Analytics?
 
Scanning with nmap
Scanning with nmapScanning with nmap
Scanning with nmap
 
Port Scanning Overview
Port Scanning OverviewPort Scanning Overview
Port Scanning Overview
 
Module 3 Scanning
Module 3 ScanningModule 3 Scanning
Module 3 Scanning
 
Optimizing Your SOA with Event Processing
Optimizing Your SOA with Event ProcessingOptimizing Your SOA with Event Processing
Optimizing Your SOA with Event Processing
 
Building Real-time CEP Application with Open Source Projects
Building Real-time CEP Application with Open Source Projects Building Real-time CEP Application with Open Source Projects
Building Real-time CEP Application with Open Source Projects
 

Similar a Session hijacking

typesofattacks-180418113629.pdf
typesofattacks-180418113629.pdftypesofattacks-180418113629.pdf
typesofattacks-180418113629.pdfsurajthakur474818
 
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEric Vanderburg
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptSHAHID ANSARI
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking pptSHAHID ANSARI
 
Mobile Application Security - Broken Authentication & Management
Mobile Application Security - Broken Authentication & ManagementMobile Application Security - Broken Authentication & Management
Mobile Application Security - Broken Authentication & ManagementBarrel Software
 
NS-Lec-01&02.ppt
NS-Lec-01&02.pptNS-Lec-01&02.ppt
NS-Lec-01&02.pptahmed127489
 
Network security in computer network for BS
Network security in computer network for BSNetwork security in computer network for BS
Network security in computer network for BS23017156038
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksSam Bowne
 
Introduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxIntroduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxyoufanlimboo
 

Similar a Session hijacking (20)

Network Attacks
Network AttacksNetwork Attacks
Network Attacks
 
typesofattacks-180418113629.pdf
typesofattacks-180418113629.pdftypesofattacks-180418113629.pdf
typesofattacks-180418113629.pdf
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
 
System Security
System SecuritySystem Security
System Security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Cse ethical hacking ppt
Cse ethical hacking pptCse ethical hacking ppt
Cse ethical hacking ppt
 
Mobile Application Security - Broken Authentication & Management
Mobile Application Security - Broken Authentication & ManagementMobile Application Security - Broken Authentication & Management
Mobile Application Security - Broken Authentication & Management
 
Hacking Presentation
Hacking PresentationHacking Presentation
Hacking Presentation
 
Computer security
Computer securityComputer security
Computer security
 
Hunt down the evil of your infrastructure
Hunt down the evil of your infrastructureHunt down the evil of your infrastructure
Hunt down the evil of your infrastructure
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8
 
CNS unit -1.docx
CNS unit -1.docxCNS unit -1.docx
CNS unit -1.docx
 
NS-Lec-01&02.ppt
NS-Lec-01&02.pptNS-Lec-01&02.ppt
NS-Lec-01&02.ppt
 
Network security in computer network for BS
Network security in computer network for BSNetwork security in computer network for BS
Network security in computer network for BS
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer Attacks
 
Practical Network Security
Practical Network SecurityPractical Network Security
Practical Network Security
 
Introduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxIntroduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptx
 

Último

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 

Último (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 

Session hijacking

  • 1.
  • 2. TOPICS  TCP Concepts-The 3 Way handshake  Session hijacking  Types  Method  Mitigations  Tools  Firesheep
  • 4. What is Session Hijacking ?  Session hijacking is when an attacker gets access to the session state of a legitimate user.  The attacker steals a valid session ID which is used to get into the system and retrieve the data
  • 8. This is Spoofing not Hijacking
  • 10. Types Of Session Hijacking  Predictable session token  Session sniffing  Client side attacks (XSS, malicious JS codes, trojans etc)  Blind Hijack  Man-in-the-middle (MITM)
  • 11. Method (steps)  Place yourself between the victim and the target (you must be able to sniff the network)  Monitor the flow of packets  Predict the sequence number  Optionally kill the connection to the victim’s machine  Take over the session  Start injecting packets to the target server
  • 12. Mitigations  Use a secure HTTPS protocol  Use a VPN when connecting remotely  Protect access to your own networks  Limit exposure to untrusted networks  Educate the employees
  • 13. Tools  Juggernaut  Hunt  TTY Watcher  IP Watcher  T-Sight  Parros HTTP Hijacker  DroidSheep for Android  Firesheep (Firefox addon)
  • 14. Firesheep  Firesheep is a free, open source, and is now available for Mac OS X and Windows.  Linux support is on the way. Find it here- https://github.com/codebutler/firesheep/download s