Here we will see the different Session Layer Attacks. The session layer sets up, manages and terminates exchanges and conversations.
Session Layer features:
- Session Checkpoint
- Session Adjournment
- Session Termination
- Half- and Full-Duplex Operations
Session Hijacking
The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed through a session token. The attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the Web Server.
The session token could be compromised in different ways; the most common are:
Man in the Middle Attack
- Attacker intercepts all communications between two hosts.
- With communications between a client and server now flowing through the attacker, he or she is free to modify their content.
- Protocols that rely on the exchange of public keys to protect communications are often the target of this type of attack.
Blind Hijacking
- An attacker injects data, such as malicious commands, into intercepted communications between two hosts, for example "net.exe localgroup administrators /add EvilAttacker".
- This is called Blind Hijacking because the attacker can only inject data into the communications stream, but cannot see the response to that data (such as "The command completed successfully.").
- Essentially, the blind hijack attacker is shooting data in the dark, but this method is still very effective.
Man-in-the-Browser attack
The Man-in-the-Browser attack uses the same approach as the Man-in-the-Middle attack, but in this case a Trojan Horse is used to intercept and manipulate, on the fly, calls between the main application’s executable (e.g., the browser) and its security mechanisms or libraries.
Points of effect:
- Browser Helper Objects – dynamically-loaded libraries loaded by Internet Explorer upon startup
- Extensions – the equivalent of Browser Helper Objects for the Firefox browser
- API-Hooking – the technique used by Man-in-the-Browser to perform its Man-in-the-Middle between the executable application (EXE) and its libraries (DLL)
- JavaScript – by using a malicious Ajax worm
Session Sniffing
- First the attacker uses a sniffer to capture a valid session token, called the “Session ID”, then uses that token to gain unauthorized access to the Web Server.
- Sniff the victim for the valid session
- Use the Session ID sniffed from the victim to authenticate with the web server
- Activate the victim session in your own system
SSH Downgrade Attack
- SSH provides the most famous example of a downgrade attack, in which the attacker forces the client and the server to use the insecure SSH1 protocol.
- The client sends a request to establish an SSH link to the server and asks it for the version it supports. The server answers with one of:
  - ssh-2.xx: The server supports only SSH2
  - ssh-1.99: The server supports SSH1 and SSH2
  - ssh-1.51: The server supports only SSH1
- This attack occurs when the server supports both SSH1 and SSH2.
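
The version answers listed above can be checked from the defender's side. The following Python audit is an added example, not part of the original page: it parses the server's identification string (assumed to follow the RFC 4253 form `SSH-protoversion-softwareversion`), flags servers that still offer SSH1, and compares an observed banner against a baseline banner recorded earlier over a trusted path. The baseline idea, the function names and the sample banners are assumptions made for this example.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?$", re.IGNORECASE)

def parse_banner(line):
    """Return (major, minor, software) from an SSH identification line."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not an SSH identification string: {line!r}")
    return int(m.group(1)), int(m.group(2)), m.group(3)

def supported_protocols(line):
    """Map the advertised version to the protocol set, as in the list above."""
    major, minor, _ = parse_banner(line)
    if (major, minor) == (1, 99):
        return {"SSH1", "SSH2"}  # compatibility mode: a downgrade is possible
    if major >= 2:
        return {"SSH2"}
    return {"SSH1"}

def audit(observed, baseline=None):
    """Return a list of findings for one observed banner.

    baseline is a banner recorded for the same server over a trusted path
    (an assumption of this example); a weaker observed banner suggests
    that the version exchange was altered in transit.
    """
    findings = []
    protos = supported_protocols(observed)
    if protos == {"SSH1", "SSH2"}:
        findings.append("server advertises 1.99: disable SSH1 to remove the downgrade path")
    elif protos == {"SSH1"}:
        findings.append("server offers only SSH1: insecure protocol")
    if baseline is not None:
        if "SSH2" in supported_protocols(baseline) and "SSH2" not in protos:
            findings.append("banner weaker than baseline: possible in-path downgrade")
    return findings

# Constructed sample banners (observed, baseline); not captured from real hosts.
SAMPLES = [
    ("SSH-2.0-ExampleSSH_1.0\r\n", "SSH-2.0-ExampleSSH_1.0"),
    ("SSH-1.99-ExampleSSH_1.0\r\n", "SSH-1.99-ExampleSSH_1.0"),
    ("SSH-1.51-ExampleSSH_1.0\r\n", "SSH-1.99-ExampleSSH_1.0"),
]

if __name__ == "__main__":
    for observed, baseline in SAMPLES:
        print(observed.strip(), "->", audit(observed, baseline) or ["ok"])
```

A server that answers 1.99 is the one exposed to the downgrade; once SSH1 is disabled on it, the banner reads 2.0 and the first finding disappears.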