Cookie attacks, XSS, CSRF and Session fixation attacks

Cross-site scripting (XSS), cross-site request forgery (CSRF) and session fixation are all attacks that target the cookie. People may think they are safe from cookie attacks because they do not use cookies for authentication; they say they use sessions. However, HTTP offers no separate mechanism for handling sessions, so sessions are simply handled using cookies. In fact, what is known as a session is a cookie: that special cookie holds your session ID. Web servers and applications track your identity using this session ID. The goal of all the aforementioned attacks is to use this identity.

Cross-site scripting (XSS)

Cross-site scripting attacks intend to steal your cookies. The attack is carried out by a malicious script inserted into the page. The attacker is a user of the website who inserts the script, meant to steal another user's cookie, by submitting it through a vulnerable form on the website. You normally see this attack in forums or on pages where one user can post a comment that other users see. If the website does not validate the comment input, the comment can contain malicious JavaScript that steals the session ID cookie.

Cross-site request forgery (CSRF)

The cross-site request forgery (CSRF) attack is actually the successor of XSS attacks. After many browsers added functionality to defend against XSS attacks, attackers started looking at the issue from a different angle. The reason an attacker steals the session ID cookie is to perform an action on behalf of the user, so instead of stealing the cookie they perform the action on the client's system. This way the defenses that protect the cookie no longer work, because the attacker does not steal the cookie but uses it instead.

Session fixation attack

Session fixation is my favorite! In a session fixation attack, instead of stealing or using the cookie, the attacker forces the victim to use a session ID cookie. The attacker fools the victim into authenticating with that session ID, and after a successful authentication the attacker uses the same session cookie to perform his malicious tasks. This attack is possible because, for example, in PHP you can send the session ID back to the server in a query string or a POST variable. The variable name must be the same as the name of the session ID cookie, and the server must not have set the session ID cookie before the attack. If these preconditions are met, the server uses the received value as the session ID cookie. In a phishing scenario, session fixation can play a very important part.
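The preconditions above can be seen in a small in-memory model of a session layer, shown with and without the usual defences. This is an added example, not code from the original article and not PHP itself; `SessionServer`, `fixation_succeeds` and the sample values are hypothetical names constructed for illustration, and only the cookie name `PHPSESSID` is PHP's real default.

```python
import secrets

COOKIE = "PHPSESSID"  # session cookie name (PHP's default)

class SessionServer:
    """Toy session layer (assumed model); `hardened` toggles the defences."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}  # session id -> {"user": name or None}

    def _resolve(self, cookies, query):
        """Return the session id this request is bound to."""
        sid = cookies.get(COOKIE)
        if sid is None and not self.hardened:
            # Vulnerable: no cookie set yet, so take the id from the URL.
            sid = query.get(COOKIE)
        if sid is not None and sid not in self.sessions:
            if self.hardened:
                sid = None  # strict mode: never adopt an id we did not issue
            else:
                self.sessions[sid] = {"user": None}  # adopts the supplied id
        if sid is None:
            sid = secrets.token_hex(16)
            self.sessions[sid] = {"user": None}
        return sid

    def login(self, cookies, query, user):
        """Authenticate `user`; returns the session id set as the cookie."""
        sid = self._resolve(cookies, query)
        if self.hardened:
            # Regenerate: the pre-login id is destroyed at the privilege change.
            del self.sessions[sid]
            sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user}
        return sid

    def whoami(self, cookies):
        """Which user does the server associate with this cookie?"""
        return self.sessions.get(cookies.get(COOKIE), {}).get("user")

def fixation_succeeds(server):
    """Constructed scenario: the victim logs in via a link carrying a fixed id."""
    planted = "attacker-chosen-id"  # constructed sample value
    victim_sid = server.login(cookies={}, query={COOKIE: planted}, user="alice")
    assert server.whoami({COOKIE: victim_sid}) == "alice"
    # Does the planted id now identify the victim's authenticated session?
    return server.whoami({COOKIE: planted}) == "alice"
```

In PHP terms the three hardened behaviours correspond to `session.use_only_cookies`, `session.use_strict_mode` and calling `session_regenerate_id(true)` at login.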
