Abstract

Cookies and sessions are common and vital to a person’s experience on the Internet. The use of cookies was originally used to overcome a memoryless protocol while using a tiny amount of the system’s resources. Cookies make for a cohesive experience when shopping online, enjoying customized content, and even receiving personalized advertisements when casually surfing the Web. However, by design, cookies lack security. Our research begins by giving a background of cookies and sessions. It then introduces what session hijacking is, and a lab was constructed to test and show how a cookie can be stolen and replayed to gain authenticated access. Finally, the paper presents various countermeasures for common attacks and tools checking for authentication cookies vulnerabilities.

Highlights

  • Hypertext Transfer Protocol (HTTP) existed before cookie and led to the formation of cookies because of its design

  • Since no authentication or verification is needed from the requester, the Address Resolution Proofing (ARP) protocol can be exploited by flooding the network with false ARP requests

  • Once the target had been identified, the lab test was successful in showing a session can be hijacked by (1) tricking the target machine into thinking the attacker is the real router using ARP spoofing and sending all the network traffic to the attacker’s machine, (2) analyzing all the traffic packets to find a cookie with valid session information, and (3) replay the cookie to gain authorized access to server resources [6]

Read more

Summary

INTRODUCTION

A lab is used to test how a session can be hijacked by Address Resolution Proofing (ARP) spoofing [6]. ARP translates Internet Protocol (IP) addresses to a physical machine address. The physical machine address ( known as the MAC address) is an alphanumeric string that uniquely identifies the Network Interface Card (NIC). The lab is an example of a Man-in-the-Middle attack (MiTM), where the attacker places himself or herself in between the victim and the router. Using the ARP spoofing technique, the attacker tricks the victim into thinking that the requests are coming from the router. While a Windows power-user may use commands such as arp –a to detect an irregularity, it is often hard for a normal user to realize that he or she is a victim of a MiTM attack.

Environment Installation Notes
Lab Proceedings
Test Environment
LAB METHODOLOGY
Spoof ARP
Analyze Packets
Hijack Session
SECURITY OF COOKIES AND SESSIONS
Improving the Security of the Cookie
Tools for Evaluating the Security of Cookies
CONCLUSION

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.