What is Session Hijacking and What Are Its Types?

If you have ever wondered what SESSION HIJACKING is, you are in exactly the right place.

Before learning about SESSION HIJACKING, you need to know what a SESSION is. The conversation that takes place between two or more communicating devices is called a SESSION.

For example, suppose you visit a website for 5 minutes and do anything at all there. That 5-minute connection between your computer and the website is called a SESSION.

Note: This post is for educational purposes only. Don't misuse your knowledge.

SESSION HIJACKING 

SESSION HIJACKING is also known as COOKIES HIJACKING. However, there is a small difference between COOKIES HIJACKING and SESSION HIJACKING.

Cookies are saved in the browser on your computer, whereas SESSIONS are created on the server. But cookies and sessions always work together.

Let's understand this through an example. Suppose you opened your Facebook ID in Google Chrome and left that ID open.

When you open Facebook again after that, you find your account already open. That is because when you opened your account the first time,

cookies for your account were saved in your browser, and because of those cookies a session was established between you and Facebook's server.

Hackers take advantage of exactly this to hack Facebook accounts. If the cookies for your Facebook account in your browser end up in a hacker's hands, he can use certain extensions to open your Facebook account without your password.

This is called SESSION HIJACKING or COOKIES HIJACKING. To protect yourself, never leave your Facebook account open in your browser or in any app. Always log out of your account after you have used it.
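
Why logging out helps, shown as an added example that is not part of the original post and is not Facebook's code: a small server-side session table in which the cookie value alone identifies the account until logout deletes the record. The class name, the account name "alice" and the cookie name "session" are assumptions made for the illustration.

```python
import secrets


class SessionStore:
    """Server-side session table: cookie value -> account name (constructed)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        # Unpredictable session ID; the browser keeps this value as its cookie.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        return sid

    def cookie_header(self, sid):
        # HttpOnly hides the cookie from page scripts, Secure keeps it off
        # plain HTTP, SameSite=Lax keeps it off most cross-site requests.
        return f"Set-Cookie: session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

    def whoami(self, sid):
        # The server sees only the cookie value, not which browser sent it.
        return self._sessions.get(sid)

    def logout(self, sid):
        # Delete the server-side record; clearing the browser cookie alone
        # would leave any copy of the value usable.
        self._sessions.pop(sid, None)


def demo():
    store = SessionStore()
    cookie = store.login("alice")     # hypothetical account name
    copied = cookie                   # the same value held outside the browser
    before = store.whoami(copied)     # accepted: the cookie is the credential
    store.logout(cookie)              # the real user logs out
    after = store.whoami(copied)      # rejected: the session is gone
    return before, after


if __name__ == "__main__":
    print(demo())
```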

Your browser establishes a connection with a website through the three-way handshake. For example, suppose you open Google.com on your computer.

Your computer sends a SYN message to Google.com. Google.com then sends a SYN-ACK back to your computer.

After that, your computer accepts the acknowledgement sent by the server and answers with its own ACK. Only then is your computer's connection to google.com established.
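
The handshake above with its sequence and acknowledgement numbers written out, as an added example that is not part of the original post. The initial sequence numbers 1000 and 5000 and the function names are constructed for the illustration.

```python
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def handshake(client_isn, server_isn):
    """Return the three handshake segments as (flags, seq, ack) tuples."""
    syn = ("SYN", client_isn, 0)
    # A SYN consumes one sequence number, so each side acknowledges ISN + 1.
    syn_ack = ("SYN-ACK", server_isn, (client_isn + 1) % MOD)
    ack = ("ACK", (client_isn + 1) % MOD, (server_isn + 1) % MOD)
    return [syn, syn_ack, ack]


def server_accepts(segment, client_isn, server_isn):
    """The server completes the connection only if the final ACK echoes
    its own ISN + 1, a number the client learns from the SYN-ACK."""
    flags, seq, ack = segment
    return (flags == "ACK"
            and seq == (client_isn + 1) % MOD
            and ack == (server_isn + 1) % MOD)


def in_window(seq, rcv_nxt, window):
    """After the handshake, data is accepted only if its sequence number
    falls inside the receiver's window (modular comparison handles wrap)."""
    return (seq - rcv_nxt) % MOD < window


if __name__ == "__main__":
    # Constructed ISNs for readability; real stacks choose them unpredictably
    # so that a host that never saw the SYN-ACK cannot produce a valid ACK.
    for segment in handshake(1000, 5000):
        print(segment)
```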


Types of SESSION HIJACKING

ACTIVE SESSION

Here the attack is carried out after a user has already established a connection with a server or website. For example, suppose you open facebook.com on your computer.

Your session with Facebook is now established, and in the middle of it a hacker destroys the session you created and establishes a session with his own computer instead.

Say your computer's source IP ADDRESS is 192.162.1.124 and the destination IP ADDRESS is 192.162.0.0. On the other side is the server with which your session is established.

Its source IP ADDRESS is your computer's destination IP ADDRESS, and the server's destination IP ADDRESS is your computer's source address.

The hacker first destroys your session. He then sets his own computer's IP ADDRESS to the user's computer's source IP ADDRESS, and keeps the destination IP ADDRESS the same as the user's destination IP ADDRESS.

As a result, the server believes its session is still with the legitimate user, while the real user's session has already been destroyed by the hacker. This is how ACTIVE SESSION HIJACKING is used.

PASSIVE SESSION

Here the session is not destroyed. Instead, the hacker captures the user's information while the user is sending it to the server.

He then creates a new session and carries out his work. For example, suppose a normal user logged in to their Facebook account. The hacker will not destroy that session.

Instead, he captures the login information while it is being sent by the user to the Facebook server, and then creates a new session to carry out the hack.

ADVANTAGES OF SESSION HIJACKING FOR A HACKER

  • Once a hacker has hijacked the cookies of a user's social account, he does not need any kind of password. He can re-establish the session through the cookies alone and open the victim's social account.
  • Once a hacker has obtained the cookies of a user's social account, he can keep using them to re-establish the session for as long as those cookies for the social account remain stored in the user's browser.
  • This ATTACK is very easy to carry out on very old operating systems, such as Windows 98, Windows XP, etc.
  • This ATTACK does not depend on any particular software or hardware; it is carried out through protocols. To prevent it, always keep your operating system and browser updated.
  • Through this ATTACK a hacker can both read and modify your data, and your computer or social accounts can be misused.
https://youtu.be/sZq2O5f4m-s

PROCEDURE OF SESSION HIJACKING ATTACK

SESSION HIJACKING

Locating the Target

Find an active session

Perform Sequence Number Prediction

Take one of the parties offline

Take over the Session and maintain the Connection

How can we stay safe from SESSION HIJACKING?

  • To keep your social accounts safe from this, always log out after you have used your accounts.
  • If you want, you can also use an incognito window to protect yourself from this attack, because in it your browsing history is not recorded in your browser, and cookies are not saved either.
  • To stay safe, never use your social accounts on public Wi-Fi, and avoid using free Wi-Fi.
  • To protect your accounts from this attack, always keep your operating system and your browser updated.
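
The tips above are what a user can do; a site operator can also watch for a session ID that suddenly shows up from a different client. The following is an added example, not part of the original post, and the log records, session IDs and addresses in it are constructed.

```python
from collections import defaultdict

# Constructed access-log records: (time, session_id, client_ip, user_agent)
LOG = [
    ("10:00:01", "s-a1", "198.51.100.7", "Firefox/126"),
    ("10:00:09", "s-b2", "203.0.113.20", "Chrome/125"),
    ("10:02:30", "s-a1", "198.51.100.7", "Firefox/126"),
    ("10:03:12", "s-a1", "192.0.2.55", "curl/8.5"),   # same session, new client
    ("10:04:00", "s-b2", "203.0.113.20", "Chrome/125"),
]


def find_reused_sessions(records):
    """Return {session_id: [(time, ip, ua), ...]} for every request whose
    client differs from the one that first used that session ID."""
    first_seen = {}
    alerts = defaultdict(list)
    for time, sid, ip, ua in records:
        fingerprint = (ip, ua)
        if sid not in first_seen:
            first_seen[sid] = fingerprint
        elif fingerprint != first_seen[sid]:
            # IPs also change legitimately (mobile networks, VPNs), so treat
            # a hit as a reason to ask for the password again, not as proof.
            alerts[sid].append((time, ip, ua))
    return dict(alerts)


if __name__ == "__main__":
    for sid, hits in find_reused_sessions(LOG).items():
        print(sid, hits)
```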

The Conclusion

I hope you now understand what SESSION HIJACKING is. Never misuse it. It is not the case that the hacker and the user must be on the same network for this attack.

This attack can also be carried out over a WAN. However, that is somewhat harder and the procedure is also somewhat different. To carry out this attack over a WAN, you would have to write scripts

that can extract cookies from the victim's browser over the Internet. Doing so requires good knowledge of a programming language. To write such a script you need to know PHP.

If you have any question about SESSION HIJACKING, you can ask it in the comment box. If you liked this post, please share it.

Thank you
