This course is part of the 20 course Ethical Hacking Series. Session persistence is a fundamental concept in information systems. On the web, for example, which is dependent on the stateless HTTP protocol, session persistence is a key component of features ranging from shopping carts to the ability to logon. At a lower level on the network tier, the TCP protocol relies on sessions for communication between machines such as a client and a server. The confidentiality and integrity of this communication can be seriously impacted by a session hijacking attack. Learning how to identify these risks is an essential capability for the ethical hacker. Systems are frequently built insecurely and readily expose these flaws. Conversely, the risks are often easy to defend against by implementing simple patterns within the application. This course walks through both the risks and the defenses.

Understanding Session Hijacking
Overview
What Is Session Hijacking?
Types of Session Hijacking
Attack Vectors
The Impact of Session Hijacking
Session Hijacking and the OWASP Top 10
Summary

Session Persistence in Web Applications
Overview
The Stateless Nature of HTTP
Persisting State Over HTTP
Session Persistence in Cookies
Session Persistence in the URL
Session Persistence in Hidden Form Fields
Summary

Hijacking Sessions in Web Applications
Overview
Hijacking Cookies with Cross Site Scripting
Exposed Cookie Based Session IDs in Logs
Exposed URL Based Session IDs in Logs
Leaking URL Persisted Sessions in the Referrer
Session Sniffing
Session Fixation
Brute Forcing Session IDs
Session Donation
Summary

Network and Client Level Session Hijacking
Overview
Understanding TCP
Reviewing the Three-way Handshake in Wireshark
Generation and Predictability of TCP Sequence Numbers
Blind Hijacking
Man in the Middle Session Sniffing
IP Spoofing
UDP Hijacking
Man in the Browser Attacks
Network Level Session Hijacking in the Wild
Summary

Mitigating the Risk of Session Hijacking
Overview
Use Strong Session IDs
Keep Session IDs Out of the URL
Don’t Reuse Session ID for Auth
Always Flag Session ID Cookies as HTTP Only
Use Transport Layer Security
Always Flag Session ID Cookies as Secure
Session Expiration and Using Session Cookies
Consider Disabling Sliding Sessions
Encourage Users to Log Out
Re-authenticate Before Key Actions
Summary

Automating Session Hijack Attacks
Overview
Manipulating Session IDs with OWASP ZAP
Testing Session Token Strength with Burp Suite
Dynamic Analysis Testing with NetSparker
Other Tools
Summary