Ethical Hacking: Session Hijacking

Pluralsight is not an official partner or accredited training center of EC-Council. This course goes through the risks of session hijacking in depth and helps you to become an ethical hacker with a strong session hijacking understanding.
Course info
Rating
(248)
Level
Beginner
Updated
Jul 29, 2015
Duration
3h 27m
Table of contents
Understanding Session Hijacking
Session Persistence in Web Applications
Hijacking Sessions in Web Applications
Network and Client Level Session Hijacking
Mitigating the Risk of Session Hijacking
Automating Session Hijack Attacks
Description

Session persistence is a fundamental concept in information systems. On the web, for example, which is dependent on the stateless HTTP protocol, session persistence is a key component of features ranging from shopping carts to the ability to log on. At a lower level on the network tier, the TCP protocol relies on sessions for communication between machines such as a client and a server. The confidentiality and integrity of this communication can be seriously impacted by a session hijacking attack. Learning how to identify these risks is an essential capability for the ethical hacker. Systems are frequently built insecurely and readily expose these flaws. Conversely, the risks are often easy to defend against by implementing simple patterns within the application. This course walks through both the risks and the defenses. This course is part of the Ethical Hacking Series. http://blog.pluralsight.com/learning-path-ethical-hacking

About the author

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.

Section Introduction Transcripts

Session Persistence in Web Applications
In this module I want to talk all about session persistence in web applications and this is a really important precursor to then talking about how we actually exploit and hijack sessions in web apps. Now the thing about web apps is that they run over HTTP and HTTP has some interesting limitations, which causes us to implement session state management in somewhat of a clunky way. Let's jump into the module and have a look at what we're going to cover in terms of how web apps persist sessions across the stateless protocol that is HTTP. We're going to cover three key things in this module and the first one is HTTP and state management, why HTTP is stateless and what that means when requests are sent to web servers. We're then going to take a look at how sessions are actually persisted over HTTP and it does require a little bit of manual coordination on behalf of the web app. There's that side of things and then there is actually data that's persisted in the session on the server as well, so we're going to touch on that too. And finally, the third major thing that I want to cover in this module are cookies, URLs, and form fields. Because these are the three structures by which sessions are normally persisted. And each has their good sides and their bad sides. So we're going to walk through and demo each one of these and then talk about the ups and downs that they each present. So that's what we're going to do. Let's go and jump into it and start by looking at the stateless nature of HTTP.

Automating Session Hijack Attacks
In this final module I'd like to take a look at automating session hijacking attacks. Now this is not about endorsing any one single tool or one single approach, rather it's to show you a breadth of different products, both free and commercial, that you can use to identify the risk of session hijacking and streamline your testing of potentially vulnerable applications. So let's jump in and take a look at what we're going to cover throughout the remainder of this module. Firstly, we've spent this entire course so far understanding the mechanics of session hijacking and this really is essential. I wanted to make sure you understood how the risk actually manifests itself and then how attackers can successfully exploit it, but we can also take out a lot of the hard work. We can use tools that make the discovery of these risks much, much easier than investing all the manual labor that I've talked about so far throughout this course. So the approach here has really been understand how it works, now let's talk about how we can make it easier for you. One of the things you would have seen throughout this course is that there are a number of different indicators that there might be a risk of session hijacking: IDs and URLs, sequential session IDs, cross site scripting, lack of HTTPS. These are all different indicators that we've looked at throughout the course which can lead to a successful session hijacking attack. So what we're going to look at now is how many of these indicators can be detected via automation. So we're going to make the computer do the hard work and then we'll see what it finds and how that lines up with what we've seen already throughout this course. So let's go and jump into it and start automating our attacks.