Session Hijacking and Web Apps
Session hijacking at the application level focuses on gaining access to a host by obtaining legitimate session IDs from the victim. Essentially, a session ID is an identifier that lets the server recognize the “conversation” it is having with the client. So, for example, say that you have logged in to a merchant site and are browsing the site for a book. With each page you browse to, the web server receives the request and forwards you to the next page without requiring you to log in again. The server is able to do this because it has identified your session ID and assumes it knows who you are at this point. Let’s look at session IDs in greater depth to gain a better understanding of the part they play in hijacking applications.
Session IDs, for our purposes, come in three flavors:
- Embedded in a URL: A web app uses the GET request to follow links embedded in a web page. An attacker can easily browse through the victim’s browsing history and many times gain access by simply entering the URL of a previously browsed web app.
- Embedded as a Hidden Field: Forms for inputting user data many times include a hidden field that is used for sending a client’s session ID. The ID is sent via the HTTP POST command when the information is submitted.
- Cookies: Cookies have been a potential avenue of exploit for quite some time, and they have recently taken the rap for privacy issues such as tracking shopping activity or storing users’ sensitive data. An attacker can obtain session information from cookies residing on the victim machine.
Vulnerabilities from lingering cookies or sessions, whether caused by subpar coding or by a desire for easier customer access, are something we have probably all seen at one time or another. Consider, for instance, pulling up an authenticated web page from your browser’s history, only to find that you were conveniently still logged in days later. That is something to be aware of for sure.
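As an added example (not part of the original text), this Python function inspects one HTTP response from an application you operate and reports where a session ID travels: in the URL, in a hidden form field, or in a cookie that lacks Secure/HttpOnly or outlives the browser session. The list of session parameter names and the sample response are assumptions constructed for illustration.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qsl

# Names treated as session identifiers (assumed list; extend for your app).
SESSION_NAMES = re.compile(r"^(jsessionid|phpsessid|sid|sessionid|session_id|session)$", re.I)
INPUT_TAG = re.compile(r"<input\b[^>]*>", re.I)
ATTR = re.compile(r'(\w+)\s*=\s*["\']?([^"\'\s>]+)')

def audit_response(url, set_cookie_headers, body):
    """Return a sorted list of session-handling findings for one HTTP response."""
    findings = set()
    parts = urlsplit(url)
    # 1. Session ID in the URL: it ends up in browser history and server logs.
    for name, _ in parse_qsl(parts.query):
        if SESSION_NAMES.match(name):
            findings.add(f"url: session id in query parameter '{name}'")
    if re.search(r";jsessionid=", parts.path, re.I):
        findings.add("url: session id in path parameter 'jsessionid'")
    # 2. Session ID carried in a hidden form field and sent with each POST.
    for tag in INPUT_TAG.findall(body):
        attrs = {k.lower(): v for k, v in ATTR.findall(tag)}
        if attrs.get("type", "").lower() == "hidden" and SESSION_NAMES.match(attrs.get("name", "")):
            findings.add(f"form: session id in hidden field '{attrs['name']}'")
    # 3. Session cookies missing protective attributes.
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if not SESSION_NAMES.match(name):
                continue
            if not morsel["secure"] or parts.scheme != "https":
                findings.add(f"cookie: '{name}' can travel over unencrypted HTTP")
            if not morsel["httponly"]:
                findings.add(f"cookie: '{name}' readable by page scripts (no HttpOnly)")
            if morsel["expires"] or morsel["max-age"]:
                findings.add(f"cookie: '{name}' persists after the browser closes")
    return sorted(findings)

# Constructed sample response (not captured from any real site).
SAMPLE_URL = "http://shop.example/cart?item=42&sid=3f9a1c"
SAMPLE_COOKIES = ["sid=3f9a1c; Path=/; Max-Age=2592000"]
SAMPLE_BODY = '<form method="post"><input type="hidden" name="sessionid" value="3f9a1c"></form>'

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_URL, SAMPLE_COOKIES, SAMPLE_BODY):
        print(finding)
```

A response served over HTTPS whose session cookie is set with `Secure; HttpOnly` and no `Max-Age` or `Expires`, and which keeps the ID out of URLs and form fields, produces an empty list.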
Exercise: Demonstrates how to view cookie information from unencrypted sites such as Facebook.
Session Hijacking with Firesheep
In this exercise you will use Firesheep to view cookie information from Facebook and other unencrypted sites.
To perform this exercise you will need to download a copy of Firesheep and Firefox. Once you have installed the Firesheep plugin into Firefox, perform the following steps:
- Start Firefox.
- In the browser use the Open With option.
- Click View and then check the Firesheep option.
- On the top left, click Start Capturing and choose Session Cookies of People on the Local Network.
- Double-click the photo, and you will be logged in to the selected account.
| WWW.SYBEX.COM |