A Survey on Session Hijacking
P. Ramesh Babu, Dept of Computer Science & Engineering, Sri Prakash College of Engineering, Tuni-533401, INDIA. E-mail: firstname.lastname@example.org
D. Lalitha Bhaskari, Dept of Computer Science & Systems Engineering, AU College of Engineering (A), Visakhapatnam-530003, INDIA. E-mail: email@example.com
CPVNJ Mohan Rao, Dept of Computer Science & Engineering, Avanthi Institute of Engineering & Technology, Narsipatnam-531113, INDIA. E-mail: firstname.lastname@example.org
Abstract
With the emerging fields in e-commerce, financial and identity information are at a higher risk of being stolen. The purpose of this paper is to illustrate a common and serious security threat to which most systems are prone: session hijacking.
It refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.
Sensitive user information is constantly transported between sessions after authentication, and attackers put their best efforts into stealing it. In this paper, we set the stage on which session hijacking occurs, then discuss the techniques and mechanics of the act of session hijacking, and finally provide general strategies for its prevention.
Key words: session hijacking, packet, application level, network level, sniffing, spoofing, server, client, TCP/IP, UDP and HTTP
1. Introduction
Session hijacking refers to the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system. Put another way, a session hijack is a process whereby the attacker inserts themselves into an existing communication session between two computers. Generally speaking, session hijack attacks are usually waged against a workstation-to-server type of communication session; however, hijacks can also be conducted between a workstation communicating with a network-based appliance such as a router, switch or firewall. The rest of this paper substantiates this view of the stages and levels of session hijacking. "Indeed, a study of 45 Web applications in production at client companies found that 31 percent of e-commerce applications were vulnerable to cookie manipulation and session hijacking." Section 2 of this paper deals with the different stages of session hijacking; section 3 deals in depth with where session hijacking can be done, followed by a discussion of avoidance of session hijacking; section 5 concludes the paper.
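As an added illustration (not part of the paper) of the cookie-manipulation weakness counted in the study above, the following Python contrasts a cookie whose value is the user's identity itself with a server-side session store keyed by a random token and protected with an HMAC; the secret key and the in-memory store are constructed for the demo.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed demo key; a real deployment loads this from protected configuration.
SECRET_KEY = b"constructed-demo-key-do-not-reuse"

# --- Weak pattern: the cookie value IS the identity, so editing it re-identifies the client.
def weak_issue(user_id: int) -> str:
    return f"uid={user_id}"

def weak_lookup(cookie: str) -> Optional[int]:
    # Any client that writes "uid=1" is treated as user 1: cookie manipulation.
    return int(cookie[4:]) if cookie.startswith("uid=") else None

# --- Hardened pattern: opaque random token, server-side mapping, HMAC-signed cookie.
_sessions: Dict[str, int] = {}  # constructed in-memory store: token -> user_id

def _sign(token: str) -> str:
    return hmac.new(SECRET_KEY, token.encode(), hashlib.sha256).hexdigest()

def issue_session(user_id: int) -> str:
    token = secrets.token_urlsafe(32)  # 256 bits of entropy, not guessable or enumerable
    _sessions[token] = user_id
    return f"{token}.{_sign(token)}"

def lookup_session(cookie: str) -> Optional[int]:
    token, sep, sig = cookie.rpartition(".")
    # Constant-time comparison rejects forged or edited cookies before any store lookup.
    if not sep or not hmac.compare_digest(sig, _sign(token)):
        return None
    return _sessions.get(token)  # None if the token was revoked or never issued

def rotate_session(cookie: str) -> Optional[str]:
    """Regenerate the identifier (e.g. at login/privilege change) so an earlier
    value, even one an eavesdropper captured, stops being valid."""
    user = lookup_session(cookie)
    if user is None:
        return None
    del _sessions[cookie.rpartition(".")[0]]
    return issue_session(user)

def cookie_header(value: str) -> str:
    # Secure: TLS only; HttpOnly: not readable by page scripts; SameSite: limits cross-site sends.
    return f"Set-Cookie: session={value}; Secure; HttpOnly; SameSite=Lax; Path=/"
```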
2. Stages of session hijacking
Before we can discuss the details of session hijacking, we need to be familiar with the stages on which this act plays out. We have to identify the vulnerable protocols and also obtain an understanding of what sessions are and how they are used. Based on our survey, we have found that the three main protocols that manage the data flow on which session hijacking occurs are TCP, UDP, and HTTP.
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 7, October 2010. http://sites.google.com/site/ijcsis/ ISSN 1947-5500