Abstract

Cookies and sessions are common and vital to a person’s experience on the Internet. Cookies were originally introduced to overcome a memoryless protocol while using a tiny amount of the system’s resources. Cookies make for a cohesive experience when shopping online, enjoying customized content, and even receiving personalized advertisements when casually surfing the Web. However, by design, cookies lack security. Our research begins by giving a background of cookies and sessions. It then introduces what session hijacking is, and a lab was constructed to test and show how a cookie can be stolen and replayed to gain authenticated access. Finally, the paper presents various countermeasures for common attacks and tools for checking authentication cookies for vulnerabilities.

Highlights

  • Hypertext Transfer Protocol (HTTP) existed before cookies and, because of its design, led to the formation of cookies

  • Since no authentication or verification is required from the requester, the Address Resolution Protocol (ARP) can be exploited by flooding the network with false ARP requests

  • Once the target had been identified, the lab test successfully showed that a session can be hijacked by (1) using ARP spoofing to trick the target machine into thinking the attacker is the real router, so that all of its network traffic is sent to the attacker’s machine, (2) analyzing all the traffic packets to find a cookie with valid session information, and (3) replaying the cookie to gain authorized access to server resources [6]

Summary

INTRODUCTION

A lab is used to test how a session can be hijacked by Address Resolution Protocol (ARP) spoofing [6]. ARP translates Internet Protocol (IP) addresses to a physical machine address. The physical machine address (known as the MAC address) is an alphanumeric string that uniquely identifies the Network Interface Card (NIC). The lab is an example of a Man-in-the-Middle (MiTM) attack, in which the attacker sits between the victim and the router. Using the ARP spoofing technique, the attacker tricks the victim into thinking that the requests are coming from the router. While a Windows power user may use commands such as arp -a to detect an irregularity, it is often hard for a normal user to realize that he or she is the victim of a MiTM attack.
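As an added example that is not part of the paper, the following script shows the kind of irregularity the introduction says a power user might spot in arp -a output: it parses a constructed Windows-style ARP table and flags a gateway whose MAC differs from a recorded baseline, or a single MAC claimed by several dynamic entries, which is what a host impersonating the router looks like from the victim's side. The gateway address and baseline MAC are assumed values.

```python
"""Detect the local ARP-table irregularity left by ARP-spoofing MitM.

Added example, not code from the paper. Parses constructed `arp -a`
output (Windows format) and reports (a) a gateway whose MAC no longer
matches a known-good baseline and (b) one MAC claimed by several IPs.
"""
import re
from collections import defaultdict

# Constructed sample: what `arp -a` might print on a victim during the lab.
# The gateway 192.168.1.1 and the host 192.168.1.50 now share one MAC.
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-50     dynamic
  192.168.1.50          aa-bb-cc-dd-ee-50     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Assumed baseline recorded while the network was known-good (hypothetical).
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC_BASELINE = "aa-bb-cc-dd-ee-01"

ARP_LINE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(\w+)", re.I)

def parse_arp_table(text):
    """Return {ip: (mac, type)} for every entry line in `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            ip, mac, typ = m.groups()
            table[ip] = (mac.lower(), typ.lower())
    return table

def find_irregularities(table, gateway_ip, gateway_mac_baseline):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    gw = table.get(gateway_ip)
    if gw and gw[0] != gateway_mac_baseline.lower():
        findings.append(f"gateway {gateway_ip} MAC changed: {gateway_mac_baseline} -> {gw[0]}")
    by_mac = defaultdict(list)
    for ip, (mac, typ) in table.items():
        if typ == "dynamic":  # broadcast/multicast entries are static and legitimately shared
            by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claimed by {len(ips)} IPs: {', '.join(sorted(ips))}")
    return findings

if __name__ == "__main__":
    for f in find_irregularities(parse_arp_table(SAMPLE_ARP_OUTPUT), GATEWAY_IP, GATEWAY_MAC_BASELINE):
        print("WARNING:", f)
```

On a real host the same logic can be fed the live output of arp -a, with the baseline MAC captured once from a trusted network state.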

Environment Installation Notes
Lab Proceedings
Test Environment
LAB METHODOLOGY
Spoof ARP
Analyze Packets
Hijack Session
SECURITY OF COOKIES AND SESSIONS
Improving the Security of the Cookie
Tools for Evaluating the Security of Cookies
CONCLUSION