Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
Attack Execution Flow
Step 1 (Explore): [Detect Unprotected Session Token Transfer] The attacker sniffs the wireless network to detect unencrypted traffic that contains session tokens.
Attack Techniques
- The attacker uses a network sniffer tool like ferret or hamster to monitor the wireless traffic at a WiFi hotspot while examining it for evidence of transmittal of session tokens in unencrypted or recognizably encrypted form. An attacker applies their knowledge of the manner by which session tokens are generated and transmitted by various target systems to identify the session tokens.
Step 2 (Experiment): [Capture session token] The attacker uses sniffing tools to capture a session token from traffic.
Step 3 (Experiment): [Insert captured session token] The attacker attempts to insert a captured session token into communication with the targeted application to confirm viability for exploitation.
Step 4 (Exploit): [Session Token Exploitation] The attacker leverages the captured session token to interact with the targeted application in a malicious fashion, impersonating the victim.
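The attack flow above depends on a session token travelling over an unencrypted channel. The following is an added defensive example, not part of the CAPEC entry: it audits captured HTTP headers for the two conditions that make sidejacking possible, a session cookie issued without the Secure attribute (so the browser will also send it over plaintext HTTP) and a session cookie actually observed in a request on a plain http:// connection. The cookie-name pattern and all sample headers are constructed assumptions for this example.

```python
import re

# Names that commonly denote session tokens (assumption for this example).
SESSION_NAME_RE = re.compile(r"(sess|sid|token|auth)", re.IGNORECASE)


def parse_set_cookie(header_value):
    """Return (cookie_name, attributes) for one Set-Cookie header value.

    Attribute keys are lower-cased; flag attributes (Secure, HttpOnly) map to True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if value else True
    return name, attrs


def insecure_session_cookies(set_cookie_headers):
    """Session-looking cookies issued without Secure and/or HttpOnly."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if not SESSION_NAME_RE.search(name):
            continue
        missing = [a for a in ("secure", "httponly") if attrs.get(a) is not True]
        if missing:
            findings.append((name, missing))
    return findings


def plaintext_session_cookies(requests):
    """Session-looking cookie names carried by requests sent over plain http://."""
    exposed = []
    for scheme, headers in requests:
        if scheme != "http":
            continue
        for pair in headers.get("Cookie", "").split(";"):
            name = pair.split("=", 1)[0].strip()
            if name and SESSION_NAME_RE.search(name):
                exposed.append(name)
    return exposed


# Constructed sample traffic (not real captures).
SAMPLE_SET_COOKIES = [
    "JSESSIONID=abc123; Path=/; HttpOnly",          # no Secure: will leak over http
    "sessionid=def456; Path=/; Secure; HttpOnly",   # correctly protected
    "lang=en; Path=/",                               # not a session cookie
]
SAMPLE_REQUESTS = [
    ("http", {"Host": "app.example", "Cookie": "JSESSIONID=abc123; lang=en"}),
    ("https", {"Host": "app.example", "Cookie": "sessionid=def456"}),
]
```

Running `insecure_session_cookies(SAMPLE_SET_COOKIES)` flags JSESSIONID for the missing Secure attribute, and `plaintext_session_cookies(SAMPLE_REQUESTS)` shows that same cookie was already sent in the clear.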