Sync Session Paper 1
Modupeola Sasore
Course: IA8060
May 13, 2023
Explain what happens when a session is hijacked.
Session hijacking occurs when an attacker steals a user's session cookie or session ID. With the stolen session, the attacker can read data, make illicit transactions, or send messages as the user. Sessions are commonly hijacked through man-in-the-middle attacks, cross-site scripting (XSS), and packet sniffing. Once in control of the account, the hijacker can impersonate the user, steal sensitive data, or mount further attacks on the system (Wayne et al., 2023). Theft of sensitive information, monetary loss, reputational damage, and legal liability are some of the possible consequences of a session hijacking attack. The following safeguards help website developers and system administrators protect their users from session hijacking.
Developers should use encryption and secure protocols such as HTTPS to transmit session cookies and session IDs. Session cookies should expire after a short time, and users should be required to re-authenticate after a period of inactivity. Authentication should be hardened: multi-factor authentication, strong passwords, and password policies keep attackers out of user accounts and sessions. Regular vulnerability scans and penetration tests are the best ways to uncover, and then repair, the weaknesses an attacker could use to take over a user's session. Because session hijacking is dangerous, users should also be advised to avoid suspicious links, use strong passwords, and log out when they have finished using their accounts.
Describe the difference between spoofing and hijacking.
Spoofing and hijacking are cyberattacks that put ICT infrastructure at risk. Cybercriminals launch them to steal information, break into networks, or accomplish other malicious ends. In spoofing, the attacker poses as a trusted entity to gain access to private data or systems; a fake website or email account might imitate a trustworthy business, for example. Email, IP, and DNS spoofing are common spoofing attacks.
Cybercriminals sometimes forge emails from banks or government organizations to deceive their targets into disclosing sensitive information or visiting dangerous URLs (Noh et al., 2019). IP spoofing forges network packets with a false origin by changing the source IP address. In DNS spoofing, the attacker manipulates the name resolution process to send the user to a malicious website. Hijacking, by contrast, is when one party takes over a communication session between two or more participants. By seizing the communication channel, the adversary can carry out harmful actions. Several types of hijacking attacks exist, including session hijacking, IP hijacking, and clickjacking.
In session hijacking, the attacker takes over a conversation between a user and a website to gain access to private data or commit other mischief. In IP hijacking, the attacker tampers with routing tables to divert traffic meant for a specific IP address to his or her own machine. In clickjacking, the target is tricked into clicking a link or button that, once clicked, performs an action without their knowledge or consent.
Name and describe the steps in conducting a session hijacking attack.
In a session hijacking attack, a hacker takes control of a legitimate session between two users. The hacker then poses as one of them to steal information, perform illegal acts, or take over the system. Several methods exist for launching a session hijacking attack, each of which involves the following stages.
Passive monitoring: The attacker first finds a legitimate session to hijack by monitoring the network traffic and the dialogue between the two parties. To hijack the session successfully, the attacker must identify the packets that carry session identifiers, login credentials, or other valuable information.
Session ID spoofing: Second, the attacker uses the information gathered in the first step to construct a forged session by spoofing the session ID, and initiates a connection with the server by sending a request that carries the forged ID.
Session ID prediction: Here the adversary guesses a legitimate session's identifier (Prapty et al., 2020). To do so, the attacker studies how the server and client generate session IDs. After correctly predicting the session ID, the attacker can take over the session.
Session fixation: The attacker generates a new session ID and requires the victim to use it, for example by emailing the victim a malicious link that carries the session ID. After the victim clicks the link, the attacker can take over their session.
Man-in-the-middle attack: Here the attacker listens in on the conversation between the server and the client, then acts as a go-between for the two parties, relaying and altering their communications to take over the session.
Exploiting session vulnerabilities: The attacker takes control of the session by exploiting flaws in the system that manages sessions, such as weaknesses in the authentication procedure or in the encryption used for session identifiers.
Describe different types of session hijacking.
The term "session hijacking" describes the illegal use of another user's session on a network. With this method, the attacker may take over the victim's account and make changes as if they were the real user (Calzavara et al., 2019). Session hijacking can take several forms, such as:
IP spoofing: The attacker forges the packets' source IP address so that they appear to come from a trusted source, circumventing network security controls that use IP addresses to authenticate users.
Cookie hijacking: Web servers store session data in cookies. Attackers who intercept and steal these cookies can access the user's account.
Session fixation: The attacker sets the user's session ID before the user logs in. Once the user logs in, the attacker knows the session ID and can take control.
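The safeguards listed under the first question (HTTPS-only cookies, short expiry, re-authentication after inactivity) and the session fixation scenario above come together in how a server issues and rotates session IDs. The following Python session store is an added example, not code from the paper; SessionStore, IDLE_TIMEOUT and the cookie name session are assumed names, and the 15-minute idle timeout is an assumed policy.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds of inactivity before re-authentication (assumed policy)


class SessionStore:
    """Server-side session table keyed by an unguessable session ID."""

    def __init__(self, clock=time.time):
        self._sessions = {}  # session_id -> {"user": str | None, "last_seen": float}
        self._clock = clock  # injectable so the idle timeout can be tested

    def create(self, user=None):
        # 256 bits from the OS CSPRNG: the ID cannot be predicted from earlier IDs.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "last_seen": self._clock()}
        return sid

    def login(self, presented_sid, user):
        """Authenticate the user and rotate the session ID.

        The ID the browser arrived with is discarded, so a session fixation
        attacker who planted that ID learns nothing about the authenticated session.
        """
        self._sessions.pop(presented_sid, None)
        return self.create(user)

    def lookup(self, sid):
        """Return the session for sid, or None if it is unknown or has been idle too long."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        now = self._clock()
        if now - session["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]  # expired: the user must re-authenticate
            return None
        session["last_seen"] = now
        return session

    def logout(self, sid):
        """Invalidate the session server-side so a stolen cookie stops working."""
        self._sessions.pop(sid, None)


def session_cookie_header(sid):
    """Set-Cookie value: HTTPS only, unreadable by page scripts, not sent cross-site."""
    return (f"session={sid}; Path=/; Max-Age={IDLE_TIMEOUT}; "
            "Secure; HttpOnly; SameSite=Strict")
```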
Perform sequence number prediction.
Sequence number prediction is a form of predictive modeling that uses statistical methods to predict the next value in a sequence. Finance, engineering, and computer science are a few of the disciplines that benefit from this kind of modeling. In information and communication technology (ICT), network protocols such as TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) employ sequence number prediction to guarantee the timely delivery of data packets. Each packet in these protocols carries a unique sequence number that is used to verify delivery in the expected order and to track down any missing data.
TCP relies on selective acknowledgments (SACK) to detect and resend dropped packets, so accurate sequence number prediction is crucial: by knowing which sequence number the receiver expects next, the sender can avoid unnecessary retransmissions and improve network performance (Kulmanov et al., 2020). Sequence number prediction also has applications outside network protocols, such as encryption and cybersecurity. In cryptography, for instance, attackers may use sequence prediction to determine what the next key will be. ICT professionals can use sequence number prediction to boost network throughput, tighten security, and guarantee the timely arrival of data packets.
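The reason modern TCP stacks resist the sequence number prediction mentioned above is the randomised initial sequence number scheme of RFC 6528, in which the ISN is a 4-microsecond clock plus a keyed hash of the connection's address and port 4-tuple, so an observer who learns the ISN of their own connection cannot derive the ISN of anyone else's. The Python model below is an added example, not code from the paper or from any real TCP implementation; it substitutes HMAC-SHA256 for the MD5 the RFC describes, and the class name, the addresses and the fixed secret used for testing are constructed.

```python
import hashlib
import hmac
import secrets
import time

MASK32 = 0xFFFFFFFF


class IsnGenerator:
    """TCP initial sequence numbers in the style of RFC 6528.

    ISN = M + F(local_ip, local_port, remote_ip, remote_port, secret) mod 2^32
    M is a clock that ticks every 4 microseconds; F is a keyed hash of the 4-tuple.
    """

    def __init__(self, secret=None, clock=time.monotonic_ns):
        # The secret is chosen at boot and never leaves the host. Without it the
        # per-connection offset F cannot be computed by an outside observer.
        self._secret = secret if secret is not None else secrets.token_bytes(32)
        self._clock = clock  # nanosecond clock, injectable for testing

    def _f(self, local_ip, local_port, remote_ip, remote_port):
        # RFC 6528 describes F as MD5 over the tuple and secret; HMAC-SHA256
        # truncated to 32 bits is used here instead (assumption of this example).
        msg = f"{local_ip}:{local_port}->{remote_ip}:{remote_port}".encode()
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def clock_term(self):
        """M: number of 4-microsecond ticks on the clock, modulo 2^32."""
        return (self._clock() // 4_000) & MASK32

    def isn(self, local_ip, local_port, remote_ip, remote_port):
        # Same 4-tuple: the ISN advances with the clock (safe reuse of old
        # connections). Different 4-tuple: an unrelated, secret-dependent offset.
        offset = self._f(local_ip, local_port, remote_ip, remote_port)
        return (self.clock_term() + offset) & MASK32


def isn_delta(later, earlier):
    """Modular distance by which 'later' is ahead of 'earlier' in sequence space."""
    return (later - earlier) & MASK32
```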
References
Wayne, M. L., & Sienkiewicz, M. (2023). "We Do not Aspire to Be Netflix": Understanding content acquisition practices among niche streaming services. Television & New Media, 24(3), 298–315.
Noh, J., Kwon, Y., Son, Y., Shin, H., Kim, D., Choi, J., & Kim, Y. (2019). Tractor beam: Safe-hijacking of consumer drones with adaptive GPS spoofing. ACM Transactions on Privacy and Security (TOPS), 22(2), 1–26.
Prapty, R. T., Md, S. A., Hossain, S., & Narman, H. S. (2020, April). Preventing session hijacking using encrypted one-time cookies. In 2020 Wireless Telecommunications Symposium (WTS) (pp. 1–6). IEEE.
Calzavara, S., Rabitti, A., & Bugliesi, M. (2019). Sub-session hijacking on the web: Root causes and prevention. Journal of Computer Security, 27(2), 233–257.
Kulmanov, M., & Hoehndorf, R. (2020). DeepGOPlus: Improved protein function prediction from sequence. Bioinformatics, 36(2), 422–429.