How often do we hear that someone’s email or Facebook account has been hacked? More often than not, the hacker, or rather the cracker, uses something called session hijacking or sidejacking.
Now, you may ask: what is session hijacking?
Session Hijacking or Sidejacking is when an identity thief spies on your Internet session while you use your laptop at a public, unsecured WiFi connection to the Internet, or “hotspot.” Common hotspot locations are airports, coffee shops, hotels, and some downtown city locations.
It is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. In other words, the attacker can now make use of your cookie to impersonate your account and can do everything a user can do when logged-in to any website.
Now what the hell are these cookies, and how do they have all my details?
When logging into a website (say, Facebook, GMail, etc.) you usually start by submitting your credentials (username and password). The server then checks to see if an account matching this information exists and, if so, replies back to you with a “session, authentication or identification cookie”, which is used by your browser for all subsequent requests made to the server.
So, where is the problem?
The problem lies here: it is extremely common for websites to protect your password by encrypting the initial login phase, but it is rare for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable, and there, my friend, is the problem!
On a wireless network, cookies are basically passed through the air, making these attacks extremely easy.
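A site owner can check for exactly this gap in a recorded browsing trace. The sketch below is an added example, not code from the original post; the trace, host names and cookie values are constructed, and it uses the standard Secure cookie attribute, which tells the browser to send a cookie only over HTTPS.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed trace: each entry is one request/response pair.
# Hosts and cookie values are made up for this example.
TRACE = [
    {"url": "https://social.example/login", "cookie": "",
     "set_cookie": ["sid=3f9a1c; Path=/; HttpOnly"]},
    {"url": "http://social.example/home", "cookie": "sid=3f9a1c; lang=en",
     "set_cookie": []},
    {"url": "https://mail.example/login", "cookie": "",
     "set_cookie": ["auth=77be02; Path=/; Secure; HttpOnly"]},
    {"url": "https://mail.example/inbox", "cookie": "auth=77be02",
     "set_cookie": []},
]

def audit(trace):
    """Return (host, cookie name, problem) for cookies exposed to sniffing."""
    issued = set()   # (host, name) of every cookie a server has set so far
    findings = []
    for entry in trace:
        parts = urlsplit(entry["url"])
        host = parts.hostname
        # Response side: was the cookie issued with the Secure attribute?
        for header in entry["set_cookie"]:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                issued.add((host, name))
                if not morsel["secure"]:
                    findings.append((host, name, "issued without Secure attribute"))
        # Request side: did a server-issued cookie travel over plain http?
        if parts.scheme == "http" and entry["cookie"]:
            sent = SimpleCookie()
            sent.load(entry["cookie"])
            for name in sent:
                if (host, name) in issued:
                    findings.append((host, name, "sent in cleartext over http"))
    return findings

if __name__ == "__main__":
    for finding in audit(TRACE):
        print(finding)
```

The first site encrypts the login but hands out a cookie that later rides over plain HTTP; the second marks its cookie Secure and stays on HTTPS, so it produces no findings.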
What exactly happens during a session hijacking attack? Steps involved in a session hijacking attack
Session hijacking is carried out in 2 steps:
1. Capturing the Packets (HTTP Cookies):
The tools to sniff the packets containing “session cookies” are widely available. Using a packet sniffer such as Wireshark or Ethereal, you can sniff the packets between the target IP and the host. These tools capture packets such as the POST or GET requests used by web browsers to send and receive data from the host. But we are mainly interested in grabbing the cookies, so one can carefully take out the cookie information from the sniffed packets.
2. Using the Session Cookies, captured in the First Step:
Once you have the cookie information, the next step is to use this information to get access to the victim’s user account. Using the sniffed cookie (captured in the first step), you can actually log in to the victim’s account even without knowing his/her password. To do this you will require a browser plugin that can manage and edit cookies. For the Firefox browser, you can use Cookie Manager+ or Edit Cookies to do this task. Chrome users can check out Edit This Cookie or Cookie Manager.
Hey, that looks complicated, don’t you have the easy way out?
Yes, we do, here is the easy way ;).
Use Firesheep. Eric Butler, a software engineer, introduced it as a Firefox extension. The extension was created as a demonstration of the security risk to users of web sites that only encrypt the login process and not the cookie(s) created during the login process. The extension uses a packet sniffer to intercept unencrypted cookies from certain websites as the cookies are transmitted over the network.
When you are on a public network (WiFi or LAN), Firesheep can automatically capture all the available session cookies of any website and report them to you. But yeah, you need the Firefox browser; you can download it for free.
You can now choose between all the available user accounts and you are just a click away from accessing them. Awesome, isn’t it?
Firesheep has made it easy for public WiFi users to be attacked by session hijackers. Websites like Facebook, Twitter, and almost all the other ones which allow users to add to their preferences allow the Firesheep user to easily access private information from cookies.
Damn, this may have serious implications. How do I protect myself against this session hijacking thingy?
You have to follow a strict regime on the internet, follow very complex steps that we are going to write below.
RELAX.
It is simple: there are no lengthy complex steps or any strict regime to follow. All you have to do is:
1. Enable HTTPS: Facebook, Twitter and almost all websites nowadays allow you to use HTTPS. When you browse any website that requires you to enter your credentials, use https:// instead of the regular http:// in the URL (this goes in the address bar).
To enable HTTPS on:
Facebook: Account Settings > Account Security > check “Secure Browsing (https)” > Save.
Twitter: Settings > Account > check “Https Only” > Save.
GMail has HTTPS enabled by default.
2. Firefox users can use the plugins HTTPS Finder and HTTPS Everywhere; these automatically detect and alert you when SSL is available on a web page. HTTPS Finder also provides one-click rule creation for HTTPS Everywhere.
3. Use HTTPS is the Chrome alternative to it.
4. When you are using public WiFi, avoid logging in on websites that don’t support HTTPS.
5. Always log off a website when done. If the ‘victim’ logs out of a website, the attacker’s session becomes invalid, so it’s good practice to actually log out and log back in again rather than using the ‘remember me’ check-box on your browser.
6. Avoid using unencrypted Wi-Fi. Encrypting everything over Wi-Fi is an excellent idea. Although not many hot-spots offer Encrypted WiFi, using it can greatly reduce the risk of being hacked.
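Step 5 works only when the website ends the session on its own side at logout, so that a copy of the cookie stops being accepted. The following is an added sketch of such a server-side session store, not code from the original post or from any site named here; the class name, the 15-minute idle limit and the user names are assumptions made for the example.

```python
import secrets

IDLE_LIMIT = 15 * 60  # assumed idle timeout, in seconds

class SessionStore:
    """Server-side table of live sessions, keyed by the cookie value."""

    def __init__(self):
        self._sessions = {}  # token -> [user, last_seen]

    def login(self, user, now):
        token = secrets.token_urlsafe(32)  # unguessable cookie value
        self._sessions[token] = [user, now]
        return token

    def whoami(self, token, now):
        record = self._sessions.get(token)
        if record is None:
            return None  # unknown or already logged out
        user, last_seen = record
        if now - last_seen > IDLE_LIMIT:
            del self._sessions[token]  # idle too long: expire it
            return None
        record[1] = now
        return user

    def logout(self, token):
        # Deleting the record is what makes every copy of the cookie useless.
        self._sessions.pop(token, None)

def demo():
    store = SessionStore()
    cookie = store.login("alice", now=0)
    copied = cookie  # the same value, as seen by anyone who observed it
    before = store.whoami(copied, now=60)
    store.logout(cookie)
    after = store.whoami(copied, now=120)
    idle = store.login("bob", now=0)
    expired = store.whoami(idle, now=IDLE_LIMIT + 1)
    return before, after, expired

if __name__ == "__main__":
    print(demo())
```

A ‘remember me’ session is the same record with a much longer lifetime, which is why an explicit logout shortens the window in which a copied cookie is accepted.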
and we are done, see we told you no complex steps! 😉
Let us know if you have any problems or queries.
This article is written to educate the users. We are not pro-crackers; we believe that there should be stern privacy rules, which could safeguard the user on the internet.