IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [browser-hijacking]

69 questions
12
votes
3 answers

Session Hijacking through sessionId brute-forcing possible?

cookies usually contain a sessionId to keep track of a logged user. What would prevent a malicious user to forge millions of requests with random sessionIds and send them to a server, hoping to luckily end up with an existing session Id, and…
niilzon
  • 1,587
  • 2
  • 10
  • 17
12
votes
2 answers

How does BeEF work and how can it be persistent?

BeEF - the browser exploitation framework. I think (thought) I had a basic working understanding of how it works. Recently, though, I was watching, this DEFCON talk, where a hacker used a man-in-the-middle attack to inject a BeEF hook into a lot…
B1CL0PS
  • 223
  • 1
  • 2
  • 5
10
votes
0 answers

How to isolate persistent pop-up browser hijack

There's a persistent browser pop-up affecting Mozilla Firefox which has evaded a number of security pre-cautions and attempts to find a remove it. It's gone on for at least 3 months. The pesky pop-up always advertises "super-resume.com" with a…
Hack-R
  • 213
  • 2
  • 8
10
votes
1 answer

Can browser cookies be "physically" stolen?

Can someone with physical access to a target computer steal the web browser cookies in that and setup a rogue authenticated session later?
Andrada2
  • 575
  • 4
  • 7
9
votes
2 answers

Is the Google address being spoofed on my computer?

I might use some inappropriate terminology because I am no expert, but please feel free to correct me where it is needed. I believe that a process has modified some network file on my computer, like the hosts file, in order to reroute my Google…
Klik
  • 203
  • 1
  • 5
8
votes
3 answers

Why can't cookie hijacking be prevented by associating cookies with IPs?

I just started reading about cookies and all the ways I can get them wrong and allow cookies to be hijacked which allows attackers to do things like impersonate a logged in user. I don't understand why this can't be solved by simply having the…
Praxeolitic
  • 603
  • 6
  • 11
5
votes
2 answers

How Do I Troubleshoot a Browser Hijack on a Mac?

My Mac is getting weird redirects with Safari and Chrome, however not with Mozilla Firefox. Since I cannot find software to do malware removal on Apple products or any good information, I am at a loss as to how to proceed after uninstalling and…
sas08
  • 223
  • 2
  • 11
5
votes
1 answer

Browser exploits based purely on HTML + CSS

In 2011, Eli Fox-Epstein demonstrated a Rule 110 machine in HTML + CSS3. This led some to say that the combination of HTML + CSS3 is Turing complete. Regardless of whether HTML + CSS3 is technically Turing complete, do any known exploits (in the…
sampablokuper
  • 1,961
  • 1
  • 19
  • 33
5
votes
2 answers

Preventing Browser from BeEF Exploitation

BeEF is a great browser-based exploitation tool. But in some cases, people unknowingly get hooked due to beef when its hook.js is kept in an invisible iframe of an HTML source. So how can we detect that our browser is actually hooked by BeEF…
Gerorge Timber
  • 464
  • 5
  • 17
4
votes
2 answers

Why Sniff Session Cookies when UN/PW should also be available?

I've recently been reading on session cookies and how they can be hijacked via man-in-middle attacks. It seems this is mainly possible on an unencrypted connection between a client and a webserver. However, I cannot figure out why, if one is already…
Islay
  • 593
  • 1
  • 4
  • 9
4
votes
3 answers

Is Firefox's new JavaScript support within PDF files a security concern?

Historically, we have learned that many security vulnerabilities and exploits have resulted from allowing document files to contain executable code, whether it be JavaScript, VBScript, another scripting language, or even macros. As such, since the…
RockPaperLz- Mask it or Casket
  • 3,114
  • 21
  • 50
3
votes
2 answers

Website infected with unwanted "redirections", apparently via javascript code

I'm working on a clients website, and I realize they've been compromised. Early today there was a major problem with a php eval(base64_decode issue. That was cleaned up via Andy Stratton clean.php repair (which searches for infected files and then…
zipzit
  • 235
  • 1
  • 9
3
votes
1 answer

XSS prevention by securing cookies locally

i was wondering if there was a way to prevent XSS by creating a safe layer within the storage of cookies in the browser locally? Or would there be any unique ways to protect against XSS. I know this has probably been done before but I am rather new…
xylinox
  • 31
  • 1
2
votes
1 answer

How does this website prevent directing away from it

I'm using the latest version of Firefox with Ghostery and Adblock plus installed. This website somehow prevents navigation away from it. How does it do this and how can it be protected against? I can't even close the browser…
Celeritas
  • 10,039
  • 22
  • 77
  • 144
2
votes
1 answer

Is it still possible to get a virus simply by visiting a website?

I know this is a duplicate question, but there aren't any recent updates on the answers given to this question(here and here) and after a few years, I'm sure browser security has improved drastically. I was wondering if it's still possible for a…
UnrealApex
  • 123
  • 4
1
2 3 4 5