Analysis of Http Cookie Hijacking in the Wild
K. Samhitha¹, K. Tharun², P. Likhith³, T. Srinivasarao⁴
¹ K. Samhitha, Bachelor’s Degree, Computer Science, K L University, Vijayawada, India.
² K. Tharun, Bachelor’s Degree, Computer Science, K L University, Vijayawada, India.
³ P. Likhith, Bachelor’s Degree, Computer Science, K L University, Vijayawada, India.
⁴ Dr. T. Srinivasarao, Professor, Department of Computer Science & Engineering, Koneru Lakshmaiah Education Foundation, Vaddeswaram, AP, India.
Manuscript received on April 20, 2020. | Revised Manuscript received on April 30, 2020. | Manuscript published on May 10, 2020. | PP: 859-863 | Volume-9 Issue-7, May 2020. | Retrieval Number: F4011049620/2020©BEIESP | DOI: 10.35940/ijitee.F4011.059720
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Because cookies act as the sole evidence of user identification, web sessions are especially vulnerable to session hijacking attacks, where requests are sent to the server under the identity of a specific user. If n > 1 cookies are used to execute a session, there are actually n sub-sessions running on the same website, where the individual cookies are used to access part of the session’s state details. Our cookie hijacking analysis shows a range of significant defects: attackers may obtain the user’s home address, work address and accessed websites from Google; Bing or Baidu show the entire browsing history of the user; and Yahoo enables attackers to delete the list of contacts and upload emails from the account of the consumer. In fact, e-commerce providers such as Amazon and eBay expose a limited or complete customer order history, and almost all platforms have the user’s name and e-mail address on their pages. Ad networks like DoubleClick will also expose pages accessed by the customer. In this article, we propose to improve the latest state-of-the-art HTTP(S) session control by utilizing user fingerprints. The wide range of features used by the new client tracking makes session identification observable on the server and dramatically raises the threshold for attackers. Furthermore, this paper describes HTML5 and CSS capabilities for client fingerprinting and the recognition or authentication of a device by using the User Agent list.
Keywords: Cookies, Attacks, Session hijacking, HTTP, Authentication, Fingerprinting and recognition.
Scope of the Article: Image Processing and Pattern Recognition