hijack suite

In computer science, session hijacking, sometimes also known as cøøkíé hijacking, is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cøøkíé used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cøøkíés used to maintain a session on many websites can be easily stolen by an attacker using an intermediary computer or with access to the saved cøøkíés on the victim's computer (see HTTP cøøkíé theft). After successfully s†éáling appropriate session cøøkíés an adversary might use the Pass the cøøkíé technique to perform session hijacking. cøøkíé hijacking is commonly used against client authentication on the internet. Modern web browsers use cøøkíé protection mechanisms to protect the web from being attacked.A popular method is using source-routed IP packets. This allows an attacker at point B on the network to participate in a conversation between A and C by encouraging the IP packets to pass through B's machine.
If source-routing is turned off, the attacker can use "blind" hijacking, whereby it guesses the responses of the two machines. Thus, the attacker can send a command, but can never see the response. However, a common command would be to set a password allowing access from elsewhere on the net.
An attacker can also be "inline" between A and C using a sniffing program to watch the conversation. This is known as a "man-in-the-middle attack".

You do not have permission to view the full content of this post. Log in or register now.