From the course: Ethical Hacking: Session Hijacking
Hijacking sessions using man-in-the-browser - Linux Tutorial
- [Teacher] Man in the Browser, or MITB, is a form of attack which inserts code inside a user's browser, possibly by having them visit a malicious website or clicking on a malicious email attachment. The malware sits inside the browser, sniffing or modifying transactions prior to their transmission, but not interfering otherwise with the user's activity. This makes Man in the Browser an extremely difficult attack to detect. There are four common ways to create a Man in the Browser: using browser helper objects, which are dynamically loaded libraries in Internet Explorer; using extensions, which are the equivalent to browser helper objects for Firefox; using API hooking, a technique which uses the Windows operating system to route messages through the malware; and using malicious JavaScript. Man in the Browser malware seamlessly integrates into the web application look and feel and retains the original URL and SSL protections. For all intents and purposes, the injected page is the original…
Contents
- Understanding web sessions (4m 8s)
- Understanding WebSockets (2m 41s)
- Banking on Zero (1m 10s)
- Hijacking sessions using man-in-the-browser (4m 32s)
- Intercepting sessions through man-in-the-middle (4m 17s)
- Stripping SSL to downgrade the session (1m 54s)
- Hijacking an HTTP session through cookies (3m 20s)
- Using Subterfuge to hijack sessions through ARP poisoning (7m 8s)
- Using Webscarab-NG as a web proxy (3m 14s)
- Defeating the Hijack (3m 6s)