Hi Guys,
We are here to discuss one more topic related to web application hacking, that is session hacking. Note that session hijacking and session hacking are closely related terms but are slightly different: session hacking is concerned with application-level attacks, whereas session hijacking covers application-level attacks as well as TCP/IP-level attacks. Session hacking can also be called a session management attack. So here I must make clear that we are discussing session hacking, not session hijacking. People confused about session hacking versus session hijacking should read this post carefully; I hope it helps clear up that confusion.
So first of all, what is a session? A session can be described as the entity responsible for maintaining your state on the internet, such as whether you are logged in or which items you have added to your cart while shopping. The most common and well-known method of managing sessions is cookies.
Web applications become vulnerable to session hacking due to improper generation and mishandling of cookies during processing. The data passed in the cookie is known as the token, so in fact we can say that weak token generation methods and weaknesses in handling tokens are the main reasons sessions get hacked.
What are common weak token generation methods?
One of the most common mistakes many new web developers make is designing tokens to be meaningful. That means the token is most likely created from the user-name, password, email id, telephone or mobile number, country, region, time and similar information about the logged-in user. And if the token does not include the password, there is a 100% chance that a hacker can log in as any user he/she wants, since all the other information is readily available in the user's profile and can be used to create a new legal token as a cookie value.
The next weak token generation method is generating token values that are predictable. Predictable tokens can be generated in several ways, for example by creating a pattern to generate tokens, using only hexadecimal values, using known token generation methods, or using hidden sequences while generating tokens.
Lastly, creating a session token that is fully time independent or fully time dependent. This is one of the biggest mistakes that can be made while creating tokens for handling sessions. In fact, many experienced hackers might crack tokens generated using this method in a few minutes. It's never a good idea to use this method for generating tokens.
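As an added example (my own Python, not code from the original post), here is the "meaningful token" anti-pattern described above next to a hardened session store, plus a small audit check a defender can run over issued cookies to spot tokens that decode to readable profile data. The profile values and the `SessionStore` class are constructed for illustration; the hardened store also only keeps a hash of each token server-side, which addresses the "storing cookies in the wrong way" point later in the post.

```python
import base64
import hashlib
import secrets

# Constructed sample profile used as input; not real user data.
PROFILE = {"username": "alice", "email": "alice@example.com", "country": "IN"}


def weak_token(profile, issued_at):
    """The 'meaningful token' anti-pattern from the post: profile fields plus a
    timestamp, merely base64-encoded. Anyone who knows the profile can rebuild it."""
    raw = f"{profile['username']}|{profile['email']}|{profile['country']}|{issued_at}"
    return base64.urlsafe_b64encode(raw.encode()).decode()


def token_is_meaningful(token):
    """Defender audit: a token that base64-decodes to printable text carries
    meaning and should be treated as weak. Random tokens decode to opaque bytes."""
    padded = token + "=" * (-len(token) % 4)  # token_urlsafe strips padding
    try:
        decoded = base64.urlsafe_b64decode(padded)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return bool(decoded) and all(32 <= b < 127 for b in decoded)


class SessionStore:
    """Hardened handling (hypothetical helper): tokens come from the OS CSPRNG,
    carry no user data, and only their SHA-256 hash is stored server-side, so a
    leaked session table does not yield usable cookies."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> username

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, username):
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._sessions[self._digest(token)] = username
        return token

    def lookup(self, token):
        # Hashing first means a dict lookup leaks nothing about the token value.
        return self._sessions.get(self._digest(token))

    def destroy(self, token):
        self._sessions.pop(self._digest(token), None)
```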
What are common token mishandling methods?
The very first in the list is coding cookies in an improper way to make them work on a LAN.
Next is the appearance of tokens in session logs and URLs.
And third is storing cookies in the wrong way.
Lastly, thinking that because we have implemented SSL we are secure against session-related attacks.
A session token vulnerable to attack means the complete session is vulnerable to attack. Underestimating session handling can prove to be serious. So here we end with the basics of session hacking. In the next post we will look at how to perform session hacking attacks against weak cookie generation, then in the post after that how to perform attacks on token mishandling methods, and lastly how to perform a hacked-session CSRF attack. Till then, thanks for reading, have a nice time and keep visiting.