Session Hijacking

About Session Hijacking

In a session hijacking attack, the fraudster takes over an existing, authenticated session between the consumer and the website. The fraudster does not need to capture the consumer's credentials to do this, which makes the attack effective even against websites that use strong authentication mechanisms.

A session identifier is a small piece of information, usually carried in a cookie, that the website places in the consumer's browser when the consumer first connects. The browser then sends this cookie back to the website with every subsequent request. By reading the cookie, the website can recognise requests coming from the same browser. Upon successful authentication, the website marks that session identifier as authenticated in its server-side session store. Any further request that carries the authenticated session identifier is accepted without additional authentication. Using techniques such as cross-site scripting or cookie-stealing malware, fraudsters can steal the session cookie from the consumer's desktop. With the stolen cookie the fraudster can connect to the website as the consumer and bypass the entire authentication process.

How Rapport Protects Against Session Hijacking

Rapport defeats session hijacking attacks using its API blocking layer. When malware or a cross-site scripting attack running on the desktop attempts to access a session cookie, Rapport intercepts the access request and blocks it. This prevents the attacker from obtaining the session cookie and using it to access the website.

Other Approaches to Session Hijacking Protection

Other approaches to session hijacking protection focus on building a secure web application, in particular one free of cross-site scripting vulnerabilities (and, commonly, one that marks session cookies HttpOnly so that page scripts cannot read them). While this is a worthwhile goal, it does not solve the session hijacking problem on its own: desktop malware can read the session cookie from the browser's cookie store regardless of whether the website has cross-site scripting vulnerabilities.