Session Hijacking Techniques
The session hijacking process is categorized into the following three techniques:
- Stealing
- Guessing
- Brute-Forcing
Session Hijacking Process
- Sniffing
- Monitoring
- Session Desynchronization
- Session ID
- Command Injection
Types of Session Hijacking
- Active Attack
- Passive Attack
Session Hijacking in OSI Model
- Network Level Hijacking
- Application Level Hijacking
Spoofing vs. Hijacking
Application Level Session Hijacking
- Compromising Session IDs using Sniffing
- Compromising Session IDs by Predicting Session Token
- Compromising Session IDs Using Man-in-the-Middle Attack
- Compromising Session IDs Using Man-in-the-Browser Attack
- Compromising Session IDs Using Client-side Attacks
Network-level Session Hijacking
The 3-Way Handshake
- TCP/IP Hijacking
- Source Routing
- RST Hijacking
- Blind Hijacking
- Forged ICMP and ARP Spoofing
- UDP Hijacking
Session Hijacking Countermeasures
IPsec
Components of IPsec
Modes of IPsec
IPsec has two working modes: tunnel mode and transport mode.
- IPsec Tunnel Mode
- IPsec Transport Mode