Sunday 25 September 2011

Posted by Unknown On 04:55
Session hijacking is a method widely used by hackers to temporarily steal network connections or login sessions. You might have heard this term used a lot by hackers, and some of you have emailed me asking me to explain it in brief.
So this post explains what exactly session hijacking is.

What is a Session
We see a lot of wireless network services offering Wi-Fi on a pay-per-use model, where you pay for usage; it costs a lot but gives you high-speed connectivity.
Every user who pays for the service gets connected. The unique MAC address of each paid user's laptop/netbook is stored in the service provider's database. Every time that user connects to the paid network, a session and a session ID are created.


Any other user, who does not have an authenticated MAC address and session, gets no connectivity. So this unique connection between the user and the wireless connectivity provider is the session.
Black hat hackers have been using this technique for a long time to get unauthorized access to paid Wi-Fi networks.

What is Session Stealing
In session hijacking we create a fake MAC address on our network interface, replacing the original one by using a MAC changer utility. The fake MAC address we use belongs to a user who is on the network and has already paid for the wireless network usage.
So we spoof the MAC address and let the network identify us, through his MAC address, as an authenticated user. This is what we call session stealing or hijacking.
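
From the provider's side, the weakness described above is that the session is bound only to the MAC address, so a copied address shows up as one MAC behaving like two devices. The following Python sketch is an added example, not part of the original post: it flags that pattern in hotspot association logs. The log format, field names and sample lines are constructed assumptions, and real roaming clients may need a grace period that is left out here.

```python
from collections import defaultdict

# Constructed sample log (assumed format, not from any real controller):
# epoch-seconds  event  client-MAC  access-point  DHCP-hostname
SAMPLE_LOG = """\
1000 assoc aa:bb:cc:00:00:01 ap-lobby alice-laptop
1005 assoc aa:bb:cc:00:00:02 ap-lobby bob-netbook
1300 assoc aa:bb:cc:00:00:01 ap-cafe netbook-7
1400 disassoc aa:bb:cc:00:00:02 ap-lobby bob-netbook
1500 assoc aa:bb:cc:00:00:02 ap-cafe bob-netbook
1600 disassoc aa:bb:cc:00:00:01 ap-cafe netbook-7
"""


def find_shared_macs(log_text):
    """Return {mac: [reasons]} for MACs that look like two devices at once."""
    active = defaultdict(dict)   # mac -> {ap: hostname} for live associations
    first_host = {}              # mac -> hostname seen on its first association
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue             # skip malformed lines
        ts, event, mac, ap, host = parts
        mac = mac.lower()
        if event == "disassoc":
            active[mac].pop(ap, None)
            continue
        if event != "assoc":
            continue
        # Same MAC associating on a second AP without leaving the first one.
        others = [a for a in active[mac] if a != ap]
        if others:
            alerts[mac].append(f"{ts}: on {ap} while still on {others[0]}")
        # Same MAC announcing a different hostname than it did originally.
        if first_host.setdefault(mac, host) != host:
            alerts[mac].append(f"{ts}: hostname {first_host[mac]} -> {host}")
        active[mac][ap] = host
    return dict(alerts)


if __name__ == "__main__":
    for mac, reasons in find_shared_macs(SAMPLE_LOG).items():
        print(mac, reasons)
```

A hit on either check is a reason to re-authenticate the session with something other than the MAC address, since the address alone cannot tell the paying user from the copy.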
