
How does session hijacking work?


Session hijacking is even more difficult than IP address spoofing. In session hijacking, John would seek to insert himself into a session that Jane already had set up with \\Mail. John would wait until Jane established a session, then knock her off the air by some means and pick up the session as though he was her. As before, John would send a scripted set of packets to \\Mail but would not be able to see the responses. To do this, he would need to know the sequence number in use when he hijacked the session, which could be calculated knowing the ISN and the number of packets that have been exchanged. Successful session hijacking is extremely difficult and only possible when a number of factors are under the attacker’s control. Knowledge of the ISN would be the least of John’s challenges. For instance, he would need a way to knock Jane off the air at will. He also would need a way to know the exact status of Jane’s session at the moment he mounted his attack. Both of these require that
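Added example (not part of the original answer): the receiver-side sequence check that explains why the sequence number matters so much here, written from the segment acceptability test in RFC 793. The ISN, byte count and window size below are constructed sample values, and the function names are illustrative.

```python
MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq lies in [rcv_nxt, rcv_nxt + rcv_wnd), modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def segment_acceptable(seg_seq, seg_len, rcv_nxt, rcv_wnd):
    """RFC 793 acceptability test applied by the receiver to every segment."""
    if seg_len == 0:
        if rcv_wnd == 0:
            return seg_seq == rcv_nxt
        return in_window(seg_seq, rcv_nxt, rcv_wnd)
    if rcv_wnd == 0:
        return False  # no data is accepted into a closed window
    last = (seg_seq + seg_len - 1) % MOD
    return in_window(seg_seq, rcv_nxt, rcv_wnd) or in_window(last, rcv_nxt, rcv_wnd)


def expected_rcv_nxt(peer_isn, bytes_received):
    """Next sequence number the receiver expects from its peer.

    The SYN consumes one sequence number; after that the counter
    advances by payload bytes, not by packets.
    """
    return (peer_isn + 1 + bytes_received) % MOD


def blind_guess_odds(rcv_wnd):
    """Chance that one uniformly random sequence number falls in the window."""
    return rcv_wnd / MOD


if __name__ == "__main__":
    # Constructed sample session: ISN close to the wrap point, 8 KiB received.
    isn, received, window = 0xFFFFF000, 8192, 65535
    nxt = expected_rcv_nxt(isn, received)
    print("receiver expects seq", nxt)
    print("in-sequence segment accepted:", segment_acceptable(nxt, 100, nxt, window))
    print("stale segment accepted:", segment_acceptable(isn + 1, 10, nxt, window))
    print("odds of a blind guess: %.6f" % blind_guess_odds(window))
```

A segment that fails this test is discarded and answered with an ACK, so traffic from a host that cannot observe the session is dropped unless its sequence number happens to fall inside the current window.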
