With the growth of e-commerce, vital information is passed over the web constantly. Financial and authentication information is sent over the web, creating a risk that the information will be stolen or altered. There is therefore a need to protect information from misuse and theft by insiders or outsiders, whether intentional or unintentional. The aim of this paper is to discuss security vulnerabilities, especially session hijacking. It focuses on the different techniques used to gain control over the session where the information is stored, and on how the attacker gains unauthorized access to that information and causes vulnerabilities during the web session. It is very important to be aware of such vulnerabilities, and an attempt should be made to make the network or the web less exposed to them. In this paper, vulnerable approaches used to keep track of the web user, such as eavesdropping and cookies, the different techniques and consequences of session hijacking, and lastly its countermeasures will be discussed, and strategies for session hijacking prevention will be provided.
No one on the web is protected from security threats. Everyone is racing to develop web applications while giving minimal attention to web security, which leaves the web vulnerable to security attacks. In this paper, I will discuss various attacks and the ways one can keep track of the user, such as cookies, eavesdropping and session hijacking, that is, how an intruder can gain access to the user's session and cause vulnerabilities.
I will also focus on various techniques to minimize such insecurity over the web.
APPROACHES TO TRACK WEB USER
1. Cookies: A web cookie is a piece of information that is stored in the browser's cache. In the traditional sense, it is neither a program nor spyware. Basically, a cookie is a text file that is stored on the hard drive and is used to retain or collect information about internet activity.
It was first introduced on the web by Netscape in 1994 with the intention of keeping track of visits to the Netscape website. Cookies can keep information about the user such as the login name, the sites he/she visited, the pages the user is looking at on a particular site, how long the user spent on a site, shopping cart details, the web browser being used, etc. A cookie might or might not have an expiration date, depending on the server. It can be deleted manually to save memory and for privacy reasons.
Figure 1: Cookie
From figure 1, we can see the cookie of the e-commerce website ebay.com. When I logged in to the eBay website, its details were saved in a cookie, including its internet address, type, size, expiry date, and last modified, last accessed and last checked dates and times. So, one can easily track the website visited and its details.
However, a cookie has its own advantages and disadvantages. Browsing the internet is a stateless process that has no memory of who came and went. If a user logs in to the same website after a while, the browser would not know the user unless there is a cookie on the user's machine from which it can get the information and proceed. The disadvantage of the cookie is that one can easily get details about the user and the website visited, as the details are in plain text. Cookies can, however, be managed according to the client's needs, for example by selecting different ways of configuring them. We can set the privacy settings and allow or block cookies as required.
2. Eavesdropping: Eavesdropping is the process of collecting information in the network by sniffing the transmitted traffic. In other words, eavesdropping means secretly listening to a confidential conversation over the network. A hacker can easily get control over the host's computer by eavesdropping and gain unauthorized control over the network, resulting in various vulnerabilities.
Eavesdropping can be prevented using IPSec (Internet Protocol Security) and implementing various security association policies.
3. Session ID: A session ID is a unique number that the website's server gives to the client for a certain period of time while he is visiting that website. The session ID expires after the session has ended. So, every time a user visits a specific website, he is assigned a new session ID. The session ID is stored either in a cookie or in the URL.
Figure 2: Session details
From figure 2, when I visited the e-commerce site amazon.com, its details were saved in a cookie, where the cookie contains the session ID and the session ID time given to the client by the web server.
Session hijacking is the way of taking control over the user session after the attacker has successfully obtained the session ID. It involves gaining access to the user session over the protected network.
Session hijacking can be done at two levels: Network Level and Application Level. Network Level hijacking includes TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) session hijacking, and Application Level hijacking includes HTTP (Hypertext Transfer Protocol) session hijacking. If the network level hijack is done successfully, it will be easier for the hacker to hijack the application level session.
TCP Hijacking: It takes place by taking control of the TCP session between client and computer and pretending to be one of them. The intruder then injects his spoofed packets carrying the IP address of the trusted host, that is, the client, and fools the server into treating the packets as if they came from the client. Once the hacker can alter the sequence number and acknowledgement number, he can easily inject his spoofed packets into the session before the client can communicate. TCP hijacking is mainly done by two techniques: IP spoofing and a man-in-the-middle attack using a packet sniffer.
UDP Session Hijacking: In UDP hijacking, the intruder simply replies to the client's UDP request just before the server can respond. Once sniffing is done, it becomes easier for the intruder to control the network traffic, and he can restrict the server's response to the client.
HTTP Session Hijacking: It involves obtaining the session ID for a particular session and then creating a new unauthorized session. The session ID is typically found in cookies stored on the client's computer, in the URL of HTTP GET requests received by the browser, and within form fields. A hijacker can easily get access to the URL using browsing history or proxy server logs. The session ID is stored in plain text in cookies, which makes it easier for a hacker to guess or steal it. One can do so by observing or sniffing the session ID, or by using a brute-force technique, in which one guesses a number of session IDs according to the pattern until finally getting the session ID. The last technique is misdirected trust, which involves injecting unauthorized HTML into the browser.
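The exposure points listed above (a session cookie readable on the wire or by injected HTML, and a session ID carried in the URL) can be checked from the defender's side. The following audit is an added example, not part of the original essay; the host `shop.example`, the cookie names in `SESSION_NAMES` and the sample responses are constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qsl

# Assumed names that commonly carry a session ID (not taken from the essay).
SESSION_NAMES = {"sessionid", "session_id", "sid", "phpsessid", "jsessionid"}

# Constructed samples: (request URL, Set-Cookie header value in the response).
SAMPLES = [
    ("http://shop.example/login", "SESSIONID=abc123; Path=/"),
    ("https://shop.example/login", "SESSIONID=abc123; Path=/; Secure; HttpOnly"),
    ("https://shop.example/cart;jsessionid=ABC123?item=4", "theme=dark; Path=/"),
]

def audit_set_cookie(header_value, scheme):
    """Return findings for one Set-Cookie value delivered over `scheme`."""
    findings = []
    cookie = SimpleCookie()
    cookie.load(header_value)
    for name, morsel in cookie.items():
        if name.lower() not in SESSION_NAMES:
            continue  # only session-bearing cookies matter here
        if scheme != "https":
            findings.append(f"{name}: set over plain HTTP, readable by a sniffer")
        if not morsel["secure"]:
            findings.append(f"{name}: no Secure attribute, also sent over HTTP")
        if not morsel["httponly"]:
            findings.append(f"{name}: no HttpOnly attribute, readable by injected script")
    return findings

def audit_url(url):
    """Return findings for session IDs carried in the query or a ;path parameter."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Servlet-style ";jsessionid=..." parameters live in the path, not the query.
    for segment in parts.path.split(";")[1:]:
        key, _, value = segment.partition("=")
        pairs.append((key, value))
    return [f"{key}: session ID in URL, lands in browsing history and proxy logs"
            for key, _ in pairs if key.lower() in SESSION_NAMES]

def audit(samples):
    """Map each sample URL to its combined cookie and URL findings."""
    return {url: audit_set_cookie(value, urlsplit(url).scheme) + audit_url(url)
            for url, value in samples}

if __name__ == "__main__":
    for url, findings in audit(SAMPLES).items():
        print(url, "->", findings or "ok")
```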
Demo for Session Hijacking: In this demo, I will be using the Ferret and Hamster software to collect other users' HTTP cookies and log in to their account without using a login name and password.
Initially, we need to run the sniffer on the network traffic, and I will be using Wireshark. So, I opened Wireshark and tried to collect and capture network packets. Then, on the other hand, I simulated the other user, opened the web browser (Firefox in my case) and logged in to my Gmail account.
Figure 3: Gmail login account
Then, I logged out from Gmail and closed the browser.
Figure 4: Wireshark capturing packets.
The Wireshark capture was then saved as "demo.pcap" within the folder where hamster was located, and I closed Wireshark as well.
Then I opened the command prompt and viewed all the files in the hamster directory.
Figure 5: Hamster file
I could see the "demo.pcap" file within the hamster folder. I then used ferret to extract the session ID from the sniffer output.
Figure 6: Creation of hamster text file
Now the hamster.txt file was created, which contained all the cookies and the session ID. I then ran hamster in order to use those extracted session IDs.
Then I set my web browser proxy settings to manual, with the HTTP proxy as 127.0.0.1 and the port as 1234. When we open the hamster page, we can see the IP address of the host machine, and clicking on it showed, in the left panel, all the cookies and links that were accessed by that IP. When I clicked on Gmail, it logged in to the Gmail account using its session ID and without login and password details.
Figure 7: Session Hijacking
The following figure 8 shows the cookies saved in hamster file.
Figure 8: Cookies in hamster file
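In the demo above, the captured cookie is replayed after the original user has logged out and from a different browser session. A server-side log check for both conditions follows, as an added example that is not part of the original essay; the log format, paths, addresses and session IDs are constructed for illustration.

```python
import re

# Constructed access-log lines; the format is an assumption for this example:
# time client_ip session_id method path "user-agent"
LOG = '''\
10:00:01 10.0.0.5 s-7f3a GET /mail/inbox "Firefox/3.6"
10:02:10 10.0.0.5 s-7f3a GET /mail/logout "Firefox/3.6"
10:09:44 10.0.0.9 s-7f3a GET /mail/inbox "Firefox/3.6 via proxy"
10:11:02 10.0.0.7 s-91bc GET /mail/inbox "Chrome/9.0"
10:12:30 10.0.0.7 s-91bc GET /mail/compose "Chrome/9.0"
10:13:05 10.0.0.9 s-91bc GET /mail/inbox "Firefox/3.6"
'''

LINE = re.compile(r'(\S+) (\S+) (\S+) (\S+) (\S+) "([^"]*)"')

def find_replays(log_text, logout_path="/mail/logout"):
    """Flag session IDs used after logout or from a second client fingerprint."""
    first_seen = {}     # session_id -> (ip, user_agent) of its first request
    logged_out = set()  # session IDs that have already requested the logout path
    alerts = []
    for line in log_text.splitlines():
        match = LINE.fullmatch(line.strip())
        if not match:
            continue  # ignore lines that do not fit the assumed format
        time, ip, sid, _method, path, agent = match.groups()
        fingerprint = (ip, agent)
        if sid in logged_out:
            # The server should have invalidated this ID at logout.
            alerts.append((time, sid, "used after logout"))
        elif first_seen.setdefault(sid, fingerprint) != fingerprint:
            # Same ID, different address or browser: possible stolen cookie.
            alerts.append((time, sid, "new client fingerprint"))
        if path == logout_path:
            logged_out.add(sid)
    return alerts

if __name__ == "__main__":
    for alert in find_replays(LOG):
        print(alert)
```

A changed fingerprint is a signal to investigate rather than proof, since a legitimate client's address can change; a request after logout means the session was not invalidated on the server.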
The most important thing in preventing hijacking is to protect the packet. The packet should be encrypted in such a way that it is difficult for the hacker to decrypt it. For this purpose we can use encrypted transport protocols like IPSec (Internet Protocol Security), SSL (Secure Sockets Layer) and SSH (Secure Shell).
IPSec: It is a set of protocols that provides encryption for secure communication over the internet and over private networks as well. It has two encryption modes, called Transport mode and Tunnel mode. Transport mode encrypts only the packet data, leaving the header as it is, but in Tunnel mode the header is encrypted along with the packet data, which makes it difficult for the hacker to decrypt the packet as he cannot see the header details.
SSL: It is a security protocol that is used to transfer private data over the internet. It is a cryptographic system that uses two keys for the encryption of the data: a public key, which is known to everyone, and a private key, which is known to the intended recipient only. It encrypts the information sent over the HTTP session.
SSH: It is a network protocol, which means a set of rules that tells the computer how to send data from one place to another. It is more secure because the data is encrypted before being sent to the server or client, which makes it difficult for hackers to decrypt it. It can protect the network from different vulnerabilities like IP spoofing and IP source routing.
Session hijacking is a serious problem for web applications and for the network in a web application. In this paper, I have given a general overview of different methods of tracking the user or the website details in a web application, such as cookies, the eavesdropping attack and session hijacking. Because of growing technology, everyone wants to access the web, and even very crucial information is passed over the web. This has resulted in different vulnerabilities, as hackers try to get access to the private data of the user.
Furthermore, I have also discussed various security techniques to minimize web vulnerabilities.