{"id":23706,"date":"2013-05-14T11:59:43","date_gmt":"2013-05-14T06:29:43","guid":{"rendered":"http:\/\/vskills.in\/certification\/tutorial\/?p=23706"},"modified":"2024-04-12T14:17:26","modified_gmt":"2024-04-12T08:47:26","slug":"session-hijacking","status":"publish","type":"page","link":"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/","title":{"rendered":"Session Hijacking"},"content":{"rendered":"<p><a class=\"vsc\" href=\"https:\/\/www.vskills.in\/certification\/web-development\/certificate-in-e-commerce\"><span class=\"vsc-cn\" style=\"text-align: center;\"><span style=\"color: red;\">Certify and Increase Opportunity.<\/span><br \/>\n<span style=\"color: green;\">Be <\/span><br \/>\nGovt. Certified E-Commerce Professional<br \/>\n<\/span><\/a><\/p>\n<p>Session Hijacking<\/p>\n<p><strong>Session<\/strong><\/p>\n<p>A session is a temporary exchange of information between two devices. For example, a user who logs into Google\u2019s web-based e-mail is participating in a session of data transfer between Google\u2019s server and the end user for working on the e-mail account. A session is created when it is needed and destroyed when it has served its purpose; in web-based e-mail, logging in and logging out correspond to these two events.<\/p>\n<p>To communicate on a network, two devices have to negotiate common communication parameters, which in TCP\/IP-based networks is accomplished by a three-way handshake. The devices use a session token or a sequence number between them.<\/p>\n<p><strong>Session Hijacking<\/strong><\/p>\n<p>Session hijacking is the takeover of an active TCP\/IP communication session without either user&#8217;s permission or knowledge. When it succeeds, the attacker assumes the identity of the compromised user and enjoys the same access to resources as that user.<\/p>\n<p>Session hijacking attacks are usually waged against users who are members of large networks containing a number of open sessions. 
Network protocols such as FTP, Telnet, and rlogin are attractive targets for such attacks because their connections are session-oriented and they do not implement any security during logon, authentication, or data transmission.<\/p>\n<p><span style=\"text-decoration: underline;\"><em>Session Hijacking Types<\/em><\/span><\/p>\n<ul>\n<li>Active Session Hijacking &#8211; The attacker hijacks an already authenticated session: after the original user has logged in to an account or profile, the attacker steals the cookies to hijack the active session and then disconnects the original user from the server. The original user&#8217;s cookies are stolen with client-side scripts delivered through social engineering tactics, which include e-mails and private messaging on forums and other social networking websites.<\/li>\n<li>Passive Session Hijacking &#8211; The attacker does not hijack an active session. Instead, the attacker sits silently on the same network and records the login credentials while the original user is trying to establish a new connection with the server.<\/li>\n<\/ul>\n<p><strong>TCP Session Hijacking<\/strong><\/p>\n<p>It is the oldest type of session hijacking. TCP session hijacking relies on successfully predicting the initial sequence numbers that are exchanged between two hosts, or between a client and the server. 
Sequence numbers are exchanged during the TCP three-way handshake:<\/p>\n<ul>\n<li>Host A sends a packet with the SYN bit set to Host B to create a new connection.<\/li>\n<li>Host B replies to Host A with a packet that has the SYN\/ACK bits set and carries an initial sequence number.<\/li>\n<li>Host A replies to Host B with a packet that has the ACK bit set and carries the initial sequence number + 1.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\" size-full wp-image-6118 aligncenter\" src=\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2015\/02\/VS-1077-9.8-A.png\" alt=\"VS-1077-9.8-A\" \/><\/p>\n<p>So, if attackers manage to predict the initial sequence number, they can send the last ACK packet to the server while spoofing the original host, and thereby hijack the TCP connection.<\/p>\n<p><strong>Prevention<\/strong><\/p>\n<p>Measures to prevent session hijacking include:<\/p>\n<ul>\n<li>Regenerating the session ID after a successful login.<\/li>\n<li>Encrypting the data traffic passed between the connected devices.<\/li>\n<li>Using a long random number or string as the session key, which will take a long time to guess.<\/li>\n<\/ul>\n<div class=\"apply\">\n<h3>Apply for E-commerce Certification Now!!<\/h3>\n<p><a href=\"https:\/\/www.vskills.in\/certification\/web-development\/certificate-in-e-commerce\">https:\/\/www.vskills.in\/certification\/web-development\/certificate-in-e-commerce<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Certify and Increase Opportunity. Be Govt. Certified E-Commerce Professional Session Hijacking Session A session refers to temporary information interchange between two devices like logging into a web based email from Google, is actually participating in a session of data transfer between the Google\u2019s server and end user for working on the e-mail account. 
Session is&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"categories":[3355],"tags":[],"class_list":["post-23706","page","type-page","status-publish","hentry","category-e-commerce-2"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Session Hijacking - Tutorial<\/title>\n<meta name=\"description\" content=\"Session Hijacking. Govt of India Certification for e-commerce. Get Certified and improve employability. Certification assesses candidates in e-commerce concepts.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Session Hijacking - Tutorial\" \/>\n<meta property=\"og:description\" content=\"Session Hijacking. Govt of India Certification for e-commerce. Get Certified and improve employability. Certification assesses candidates in e-commerce concepts.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/\" \/>\n<meta property=\"og:site_name\" content=\"Tutorial\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/vskills.in\/\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-12T08:47:26+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2015\/02\/VS-1077-9.8-A.png\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/\",\"name\":\"Session Hijacking - Tutorial\",\"isPartOf\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2015\/02\/VS-1077-9.8-A.png\",\"datePublished\":\"2013-05-14T06:29:43+00:00\",\"dateModified\":\"2024-04-12T08:47:26+00:00\",\"description\":\"Session Hijacking. Govt of India Certification for e-commerce. Get Certified and improve employability. 
Certification assesses candidates in e-commerce concepts.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/#primaryimage\",\"url\":\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2015\/02\/VS-1077-9.8-A.png\",\"contentUrl\":\"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2015\/02\/VS-1077-9.8-A.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.vskills.in\/certification\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Session Hijacking\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#website\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/\",\"name\":\"Tutorial\",\"description\":\"Vskills - A initiative in elearning and 
certification\",\"publisher\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.vskills.in\/certification\/tutorial\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#organization\",\"name\":\"Vskills\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg\",\"contentUrl\":\"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg\",\"width\":73,\"height\":55,\"caption\":\"Vskills\"},\"image\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/vskills.in\/\",\"https:\/\/x.com\/vskills_in\",\"https:\/\/www.linkedin.com\/company-beta\/1371554\/\",\"https:\/\/www.youtube.com\/channel\/UCMWnscxPwRF_PqXo9B7q_Tw\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Session Hijacking - Tutorial","description":"Session Hijacking. Govt of India Certification for e-commerce. Get Certified and improve employability. 
Certification assesses candidates in e-commerce concepts.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/","og_locale":"en_US","og_type":"article","og_title":"Session Hijacking - Tutorial","og_description":"Session Hijacking. Govt of India Certification for e-commerce. Get Certified and improve employability. Certification assesses candidates in e-commerce concepts.","og_url":"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/","og_site_name":"Tutorial","article_publisher":"https:\/\/www.facebook.com\/vskills.in\/","article_modified_time":"2024-04-12T08:47:26+00:00","og_image":[{"url":"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2015\/02\/VS-1077-9.8-A.png","type":"","width":"","height":""}],"twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/","url":"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/","name":"Session Hijacking - Tutorial","isPartOf":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/#primaryimage"},"image":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/#primaryimage"},"thumbnailUrl":"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2015\/02\/VS-1077-9.8-A.png","datePublished":"2013-05-14T06:29:43+00:00","dateModified":"2024-04-12T08:47:26+00:00","description":"Session Hijacking. Govt of India Certification for e-commerce. Get Certified and improve employability. 
Certification assesses candidates in e-commerce concepts.","breadcrumb":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/#primaryimage","url":"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2015\/02\/VS-1077-9.8-A.png","contentUrl":"http:\/\/www.vskills.in\/lms\/wp-content\/uploads\/2015\/02\/VS-1077-9.8-A.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/session-hijacking\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.vskills.in\/certification\/tutorial\/"},{"@type":"ListItem","position":2,"name":"Session Hijacking"}]},{"@type":"WebSite","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#website","url":"https:\/\/www.vskills.in\/certification\/tutorial\/","name":"Tutorial","description":"Vskills - A initiative in elearning and 
certification","publisher":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.vskills.in\/certification\/tutorial\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#organization","name":"Vskills","url":"https:\/\/www.vskills.in\/certification\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg","contentUrl":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg","width":73,"height":55,"caption":"Vskills"},"image":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/vskills.in\/","https:\/\/x.com\/vskills_in","https:\/\/www.linkedin.com\/company-beta\/1371554\/","https:\/\/www.youtube.com\/channel\/UCMWnscxPwRF_PqXo9B7q_Tw"]}]}},"_links":{"self":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages\/23706","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/comments?post=23706"}],"version-history":[{"count":6,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages\/23706\/revisions"
}],"predecessor-version":[{"id":106381,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages\/23706\/revisions\/106381"}],"wp:attachment":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/media?parent=23706"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/categories?post=23706"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/tags?post=23706"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}