Premium Resources

Training Courses

Free Resources

Session Hijacking Levels

Session Hijacking can be done at two levels:

Network Level
Application Level

Network Level hijacking includes TCP and UDP sessions.

Application Level hijacking occurs with HTTP Sessions.

Application Level Hijacking:

Here the valid session token is stolen or predicted to take over the session. Various attacks involved here are-

Man in the middle attack:

By using automated tools/spoofing methods the attacker splits the connection between the targets into two. One connection between the client and attacker and another one between attacker and server. Since the attacker becomes the man in the middle, all the traffic goes through him, hence he can capture the session Id.

Cross-site scripting:

Client-side vulnerabilities like XSS attacks allow an attacker to craft a malicious script to get the session Id from the application.

Using Proxy:

By setting up a proxy and causing the traffic to flow through the proxy, one can capture the session Id details.

Man-in the–Browser:

By installing a Trojan in the victim’s browser will notify the attacker the session Id.

Session Replay:

Capturing the authentication packets by sniffing the traffic; replaying those packets after a time interval may cause the attacker to successfully login to the session of the authorized user.

What is Hacking? What is Ethical Hacking? Who is an Ethical Hacker?

CIA Triangle Important characteristics of Information Security, Functionality and Usability Triangle Phases of Hacking Different types of attacks Vulnerability Assessment Penetration Testing Information Security Laws, Standards and frameworks

What is Footprinting Objectives of Footprinting Footprinting Methodology

What is Scanning? Network Scanning Scanning Methodology

Enumeration and its Types NetBIOS Enumeration SNMP Enumeration LDAP Enumeration NTP Enumeration SMTP Enumeration DNS Enumeration

Goals of System Hacking Gaining Access Privilege Escalation Executing Applications Hiding Files Covering Tracks

Introduction to Malware Threats and its Types Virus Trojans Worms Rootkits, Spyware and Ransomware How to Detect Malicious Software

Sniffing and its Types ARP and CAM Table Active Sniffing Attacks DHCP Poisoning

Social Engineering and its Attacks Computer and Mobile Based Social Engineering

Denial of Service attacks and its Types

Session Hijacking and its Types Session Hijacking Process Session Hijacking Levels Network or TCP Session Hijacking

Web Server and its Types of Attacks

Web Application and its types of Attacks Injection Flaws Cross-Site Scripting Web Services Attacks Hacking Methodology

Introduction to SQL Injection Types of SQL Injection

Introduction to Hacking Wireless Networks Encryption Types Wi-Fi Attacks

Introduction to Hacking Mobile Devices Android Types of Android Attacks IOS Mobile Device Management

Firewall IDS: Intrusion Detection System Ways of Detecting Attacks

Introduction to Cryptography PKI: Public Key Infrastructure SSL: Secure Socket Layer

Introduction to Cloud Computing Types of Cloud Computing Benefits, Threats, and Attacks on Cloud Computing Security in Cloud

Premium Resources

Free Resources

Session Hijacking Levels

Session Hijacking can be done at two levels:

Application Level Hijacking:

Man in the middle attack:

Cross-site scripting:

Using Proxy:

Man-in the–Browser:

Session Replay:

PMP Home

Introduction to Project Management

The Project Environment

Role of the Project Manager

Integration Management

Scope Management

Schedule Management

Cost Management

Quality Management

Resource Management

Communication Management

Risk Mangement

Procurement Management

Stakeholder Management

Trends and Emerging Practices

Considerations for Agile/Adaptive Projects

PMI-ACP Home

Agile Estimation

Agile Frameworks and Terminologies

Introduction on Scrum

Agile Risk Management

Soft Skills

Introduction on Lean

Value Priority

Agile Techniques

Agile Metrics

Communications Management

Agile Planning

Ethical Hacking

Introduction to Ethical Hacking

Footprinting and Reconnaissance

Scanning

Enumeration

System Hacking

Malware Threats

Sniffing

Social Engineering

Denial of Service