Abstract

Because cookies act as the sole evidence of user identification, web sessions are especially vulnerable to session hijacking attacks, where the server operated by a specific user sends users' identity requests. If n > 1 cookies are used to implement a session, there are actually n sub-sessions running on the same website, where the individual cookies are each used to access part of the session's state details. Our cookie hijacking analysis shows a range of significant defects: attackers may reach the user's home address, work address and accessed websites on Google; Bing or Baidu show the entire browsing history of the user; and Yahoo enables attackers to delete the list of contacts and upload emails from the account of the consumer. In fact, e-commerce providers such as Amazon and eBay have a limited or complete customer order history, and almost all platforms have a user name and e-mail address on their page. Ad networks like DoubleClick will also expose pages accessed by the customer. In this article, we propose to improve the latest state-of-the-art HTTP(S) session control by utilizing user fingerprinting. The wide range of features available to the new client tracking makes session identification on the server observable and dramatically raises the threshold for attackers. Furthermore, this paper describes HTML5 and CSS capabilities for client fingerprinting and the recognition or authentication of a device by using the UserAgent list.
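
The fingerprint-bound session check proposed above, as an added example that is not the paper's implementation: the field names, the `SessionStore` class and the revoke-on-mismatch policy are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Field names are illustrative assumptions, not taken from the paper.
FIELDS = ("user_agent", "accept_language", "screen", "timezone", "css_features")


def fingerprint_digest(attrs, key):
    """Keyed digest over a canonical encoding of the fingerprint fields."""
    canonical = json.dumps([attrs.get(f, "") for f in FIELDS])
    return hmac.new(key, canonical.encode("utf-8"), hashlib.sha256).hexdigest()


class SessionStore:
    """In-memory session table binding each session ID to a client fingerprint."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # server-side HMAC secret
        self._sessions = {}  # session ID -> fingerprint digest

    def create(self, attrs):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = fingerprint_digest(attrs, self._key)
        return sid

    def validate(self, sid, attrs):
        """Return 'ok', 'unknown' or 'mismatch'; a mismatch revokes the session."""
        expected = self._sessions.get(sid)
        if expected is None:
            return "unknown"
        if hmac.compare_digest(expected, fingerprint_digest(attrs, self._key)):
            return "ok"
        # Same cookie, different-looking client: possible hijack, so revoke.
        del self._sessions[sid]
        return "mismatch"


# Constructed sample clients (not captured data).
VICTIM = {"user_agent": "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0",
          "accept_language": "en-GB", "screen": "1920x1080x24",
          "timezone": "Europe/London", "css_features": "grid,flex"}
OTHER = dict(VICTIM, user_agent="Mozilla/5.0 (Windows NT 10.0) OtherBrowser/2.0",
             screen="1366x768x24")

if __name__ == "__main__":
    store = SessionStore()
    sid = store.create(VICTIM)
    print(store.validate(sid, VICTIM), store.validate(sid, OTHER), store.validate(sid, VICTIM))
```

A fingerprint is not a secret, so this binding raises the bar for reusing a stolen cookie rather than replacing cookie protections. Legitimate changes such as a browser update also produce a mismatch and should lead to re-authentication.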
