{"id":1438,"date":"2017-01-18T23:48:37","date_gmt":"2017-01-18T21:48:37","guid":{"rendered":"http:\/\/sahinsolmaz.com\/blog\/?p=1438"},"modified":"2022-06-30T12:01:55","modified_gmt":"2022-06-30T09:01:55","slug":"session-fixation-oturum-sabitleme-hijacking-saldirisi-nedir-ornekli","status":"publish","type":"post","link":"https:\/\/sahinsolmaz.com\/blog\/session-fixation-oturum-sabitleme-hijacking-saldirisi-nedir-ornekli\/","title":{"rendered":"Session Fixation (Oturum Sabitleme), Hijacking Sald\u0131r\u0131s\u0131 Nedir? [\u00d6rnekli]"},"content":{"rendered":"

Web g\u00fcvenli\u011findeki pop\u00fcler konulardan olan session fixation, session hijacking sald\u0131r\u0131s\u0131na \u00f6rneklerle bir bakal\u0131m.<\/p>\n

Meali oturum sabitleme olan session fixation nedir<\/strong> ?<\/p>\n

Bir uygulamaya login olunduktan sonra id yenilenmiyorsa session fixation zafiyetinden bahsedilir. Oturum sabitleme a\u00e7\u0131\u011f\u0131ndan faydalanarak bir sald\u0131rgan kullan\u0131c\u0131n\u0131n\/kurban\u0131n oturumunu \u00e7alabilir, bu eyleme de session hijacking<\/em><\/strong> denir.<\/p>\n

Oturum sabitleme sald\u0131r\u0131s\u0131nda, sald\u0131rgan bildi\u011fi bir id ile, kullan\u0131c\u0131n\u0131n oturum a\u00e7ma i\u015flemini ger\u00e7ekle\u015ftirmeden \u00f6nce kullanmas\u0131n\u0131 sa\u011flar ve bu sayede kurban\u0131n, sald\u0131rgan taraf\u0131ndan g\u00f6nderilen url ile oturuma ba\u015flamas\u0131yla sald\u0131rgan kullan\u0131c\u0131n\u0131n oturumunu ele ge\u00e7irmi\u015f olur.<\/p>\n

Session Hijacking<\/strong><\/span> i\u00e7in kullan\u0131lan d\u00f6rt ana method vard\u0131r:<\/p>\n

    \n
  1. \n

    Session Fixation<\/strong><\/span><\/h4>\n

    A\u015fa\u011f\u0131da detayl\u0131ca g\u00f6rece\u011fiz.<\/li>\n

  2. \n

    Session Sniffing<\/strong><\/span><\/span><\/h4>\n

    Sald\u0131rgan bir dinleyici\/izleyici y\u00f6ntemiyle (\u00f6rn: Wireshark ile)<\/span><\/span>, session id ‘ye ula\u015f\u0131yor olmas\u0131, bkz:
    \n<\/span>
    \n
    \n<\/a><\/li>\n

  3. \n

    XSS (Cross-Site Scripting)<\/span>
    \n<\/strong><\/span><\/h4>\n

    Sald\u0131rgan, zararl\u0131 JavaScript kodu ile kurbana haz\u0131rlanm\u0131\u015f bir ba\u011flant\u0131 g\u00f6nderirse, kurban ba\u011flant\u0131y\u0131 t\u0131klad\u0131\u011f\u0131nda JavaScript \u00e7al\u0131\u015facak ve sald\u0131rgan taraf\u0131ndan verilen talimatlar\u0131 tamamlayacakt\u0131r. \u00d6rnek olmas\u0131 a\u00e7\u0131s\u0131ndan session id ekrana bast\u0131r\u0131lm\u0131\u015ft\u0131r, tabi ki sald\u0131rgana da g\u00f6nderilebilir.<\/p>\n

    \"\"<\/a>
    \n<SCRIPT>alert(document.cookie);<\/SCRIPT><\/span><\/p>\n

     <\/li>\n

  4. \n

    Malware (K\u00f6t\u00fc Ama\u00e7l\u0131 \/ \u0130stenmeyen Yaz\u0131l\u0131mlar)<\/strong><\/span><\/h4>\n

    Bir kullan\u0131c\u0131n\u0131n bilgisi olmadan taray\u0131c\u0131 cookie dosyalar\u0131n\u0131 \u00e7almak i\u00e7in browser hijacking<\/em> y\u00f6ntemini kullanabilir.<\/li>\n<\/ol>\n

     <\/p>\n

    SESSION FIXATION<\/span><\/h3>\n

    \u015eimdi ad\u0131m ad\u0131m bir bakal\u0131m<\/p>\n

      \n
    1. Sald\u0131rgan web sunucusunda oturum a\u00e7ar ,<\/li>\n
    2. Sunucu bir SID \/ oturum id ‘si tan\u0131mlar,<\/li>\n
    3. Bu session ID ile sald\u0131rgan\u0131n kurbana bir link g\u00f6ndermesi gerekir,<\/li>\n
    4. Kurban\u0131n gelen bu ba\u011flant\u0131ya t\u0131klamas\u0131 ve sunucuyla ba\u011f kurmas\u0131 gerekir,<\/li>\n
    5. Sunucu oturum i\u015fleminin \u00f6nceden zaten kuruldu\u011funu g\u00f6r\u00fcr ve yeni bir oturum kimli\u011fi olu\u015fturma gereksinimi duymaz. (i\u015fte zafiyet burada)<\/li>\n
    6. B\u00f6ylece sald\u0131rgan oturuma eri\u015fmi\u015f olur.<\/li>\n<\/ol>\n

       <\/p>\n

      <\/a>

      Bu sald\u0131r\u0131y\u0131 en iyi anlatan g\u00f6rsel diyebiliriz san\u0131r\u0131m.<\/p><\/div>\n

      URL tabanl\u0131 basit ve anla\u015f\u0131l\u0131r bir g\u00f6rsel.
      \n<\/em><\/p>\n

       <\/p>\n

      Session Fixation \u00d6rnek Video<\/span><\/h2>\n

      <\/p>\n