Friday 17 March 2017

What is cookie stealing and how can I protect myself from becoming a victim of session hijacking?

Welcome friends, today we are gonna learn what cookie stealing and session hijacking are, but before starting this tutorial let us first talk about what a cookie is.

Cookie: A cookie is a file which is used to store the password or information which you give while visiting websites online. You can relate this to a real-life example where we have to note some data on a piece of paper for further use. That paper acts as a cookie file which stores some information. These passwords or pieces of information are captured and stored in the file called a cookie, so that the next time you access those websites you don't need to enter your login details or your information again. A cookie can be either a simple text file or a database file. A cookie always has an expiry date, because while creating a cookie in a program, the programmer also sets its expiry date by providing the date as a parameter while setting the cookie.

Cookie vs Session: Cookies can be set to a long lifespan, which means that data stored in a cookie can be kept for months if not years. Cookies have their data stored on the client, whereas sessions are stored on the server, which means clients do not have access to the information you store about them.

So, as far as time is concerned, it's good that we don't need to enter our login details again and again, but as far as security is concerned this may be very dangerous. The moment you log in to your online account, say on facebook.com, a session is started there, and stealing that session in the meantime is called "Session Hijacking".



How a cookie stores your details: A cookie stores your information in a very simple manner. When you give your information to a website using any browser and click on the log in, submit or sign up button, your browser asks you "Do you wanna remember the username and password for this site" or something like that, and if you click on yes then that's it, your login details are there in your cookie file. So, it is good to auto-save your information when you know the system which you are using to log in is all yours and nobody except you can use that system. But what if a random guy uses your system when you are not at it? He can log in to your online account without giving the login details, and he can also steal your cookie file and retrieve the details from it. A cookie can be of two types, which are:

1) Session Cookie:  It is also called a transient cookie, a cookie that is erased when you close the Web browser. The session cookie is stored in temporary memory and is not retained after the browser is closed.

2) Persistent cookie: It is also called a permanent cookie, or a stored cookie, a cookie that is stored on your hard drive until it expires (persistent cookies are set with expiration dates) or until the user deletes the cookie.

One thing to note is that both types of cookies can be hacked easily.
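
As an added example (not code from the original post), the following JavaScript sorts cookies into the two types above by reading the expiry parameters in their Set-Cookie header. It goes beyond the text by also reporting the standard HttpOnly and Secure attributes; the function names and header values are constructed for illustration.

```javascript
// Added example: classify cookies from Set-Cookie header values.
// Function names and all header values are constructed sample data.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Returns the cookie type and its lifetime in seconds relative to `now`.
// Max-Age takes precedence over Expires when both are present (RFC 6265).
function classifyCookie(header, now = new Date()) {
  const { name, attrs } = parseSetCookie(header);
  let lifetime = null; // null means no expiry was set: a session cookie
  if (typeof attrs['max-age'] === 'string' && /^-?\d+$/.test(attrs['max-age'])) {
    lifetime = parseInt(attrs['max-age'], 10);
  } else if (typeof attrs.expires === 'string') {
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t)) lifetime = Math.round((t - now.getTime()) / 1000);
  }
  let type = 'session';
  if (lifetime !== null) type = lifetime > 0 ? 'persistent' : 'expired';
  return {
    name, type, lifetimeSeconds: lifetime,
    httpOnly: attrs.httponly === true, // hidden from page scripts
    secure: attrs.secure === true,     // sent over HTTPS only
  };
}

const NOW = new Date('2017-03-17T00:00:00Z'); // fixed clock for the samples
const SAMPLE_HEADERS = [
  'sid=abc123; Path=/; HttpOnly; Secure',
  'remember=tok456; Expires=Sat, 17 Mar 2018 00:00:00 GMT; Path=/',
  'promo=1; Max-Age=3600; Expires=Thu, 01 Jan 1970 00:00:00 GMT',
  'old=x; Max-Age=0',
];
for (const h of SAMPLE_HEADERS) console.log(classifyCookie(h, NOW));
```

A persistent cookie with a long lifetime and no HttpOnly flag, like the constructed "remember" cookie here, is the one that stays behind on a shared computer and is readable by scripts.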

How my cookie can be hacked: A cookie can be stolen easily if you are a little careless about your privacy. An attacker may lure you into his trap by giving you a random link or by making you click on a scripted image (i.e., an image bound with scripts, where the attacker writes code to steal the cookie). If you just click on that image or that link, that's it, he is all done. You are hacked. He can now access your account.

Also, if you access your account in a cyber cafe and click on "Remember Me" to auto-fill the login details, then even though you leave the cafe after using that computer, you leave your cookie behind on their system. So, in this way also your account may be hacked.

Also, if an attacker lets you use his system on which a keylogger is already installed, then your account, along with all the activities you perform on his system, can be traced.

So, these were the possible reasons behind cookie or session hijacking.

How to protect yourself from cookie and session hijacking: We will tell you the possible ways to avoid becoming a victim of session and cookie hijacking:

1) Say no to "Remember Me": Never ever click "Remember Me" unless you are very sure that the system you are using is yours and yours only.


2) Think before clicking a random link: Never be a fool and just click on any suggested link or image. Sometimes an attacker suggests that you click on a link to visit a website, saying "hey go and check out this link, here you will get almost 90% paytm cashback on each item you buy", and you just get trapped in his con. So, be smart and do not simply click on the link. First google it, collect information about the website which is mentioned in that link, and check whether or not that website even exists.



3) Think before clicking on an image with an illusion: Someone may give you a random image and say that if you click on that image you will be blessed by god, good things will happen to you, and so on and on. Do not become a fool; first open that image with Notepad or any text editor and find out whether or not the image contains some malicious code. Soon, we will tell you details about this protection. So stay tuned.

4) Use Incognito Mode: If you are using a computer in a cyber cafe or someone else's computer, then it is better to surf the web in incognito mode and feel free, because this mode never lets the computer remember even your history of surfing the web. So, this mode does not let you leave your traces.

So, guys, these were the possible shields that one can have against cookie stealing. That's it for today's session; we will bring some more alerts like this. Till then please like, share & subscribe.
