Detailed Description of Session Hijacking
Let’s take a closer look at exactly what has to happen to hijack a session. The following are the main steps that must be taken to perform an active session hijack, where the goal is to take over an existing session:
Find a target.
Perform sequence prediction.
Find an active session.
Guess the sequence numbers.
Take one of the parties offline.
Take over the session.
Find a Target
This might seem obvious, but to hijack a session, the attacker must find a suitable target. There are some key points he observes when searching for a suitable target. First, he usually wants the target to be a server that allows session-oriented connections like telnet and FTP. Also, from a firewall standpoint, the attacker probably ...
Get Hackers Beware now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.