What is JSON hijacking or JavaScript hijacking?
In JSON hijacking (also called JavaScript hijacking), an attacker exploits the way a browser loads scripts to attack a web application. The attacker targets a server that uses JSON (JavaScript Object Notation) as the transport format between server and client, and steals the sensitive data it returns. Specifically, the attacker reads JSON data from applications that return sensitive data as JSON arrays in response to a GET request.
How does JSON hijacking work?
When a user authenticates to a web server, the session is maintained with an HTTP cookie that is stored on the user's computer. Whenever the browser later sends a request to that web server, it attaches the cookie. In a JSON hijacking or JavaScript hijacking attack, the attacker tricks the victim's browser into sending an authenticated request to the web server and, in this way, steals sensitive data.
The following steps lead to a JSON hijacking attack:
- The user authenticates to a vulnerable web application, and HTTP cookies are placed on his computer.
- The user is sent a link by the attacker. The link points to a page on the attacker's website that contains a script. The attacker may use social engineering to convince the user to click the link; for example, the attacker may send the user an email asking them to click the link to see some interesting pictures or videos.
- The user clicks on the link, and the malicious script starts executing. At this point, the victim’s browser makes a request to the attacker’s website.
- The attacker's website responds with an HTML page containing JavaScript and a script tag.
- The victim's browser sees the script tag and makes another GET request, this time to the vulnerable web application. Because the request goes to the application's origin, the browser attaches the cookies stored on the victim's computer.
- The vulnerable web server now responds with a JSON object containing sensitive information.
- The attacker's malicious code captures the JSON object returned by the vulnerable server. It can capture the object before any other processing occurs, usually by overriding built-in JavaScript functions so that the script-loaded JSON is handed to the attacker's code as it is evaluated.
- The malicious code now sends the JSON object containing sensitive information to the attacker.
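The attack above depends on the browser being able to fetch the sensitive JSON with a plain, cookie-bearing GET issued by a script tag and then execute the response as JavaScript. The following added example (not code from the original article) shows the server-side mitigations a defender would apply, and the matching client-side parser; the handler, request shape and sample record are hypothetical, and the request is a minimal object rather than a real HTTP request.

```javascript
// Added example: defences against JSON hijacking. Hypothetical handler and
// request shape; the account record is constructed sample data.
const ANTI_HIJACK_PREFIX = ")]}',\n"; // turns the body into a JavaScript syntax error

// Hypothetical handler for an endpoint that returns sensitive JSON.
function handleSensitiveJsonRequest(req) {
  // 1. Never serve sensitive JSON to a plain GET: a <script src> tag can only GET.
  if (req.method !== 'POST') {
    return { status: 405, headers: {}, body: '' };
  }
  // 2. Require a custom header. A <script> tag cannot set one; only XHR/fetch
  //    from the same origin (or a CORS-approved origin) can.
  if ((req.headers['x-requested-with'] || '') !== 'XMLHttpRequest') {
    return { status: 403, headers: {}, body: '' };
  }
  const record = { accountId: 'acct-0001', balance: 1250.75 }; // constructed sample
  // 3. Return an object, never a bare array, and prepend an unparseable prefix
  //    so the body cannot execute even if it is ever loaded as a script.
  return {
    status: 200,
    headers: { 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff' },
    body: ANTI_HIJACK_PREFIX + JSON.stringify({ data: record }),
  };
}

// Client side: same-origin code that fetched the body as text strips the
// prefix before JSON.parse. A <script> tag has no such opportunity.
function parseProtectedJson(body) {
  if (!body.startsWith(ANTI_HIJACK_PREFIX)) {
    throw new Error('missing anti-hijacking prefix');
  }
  return JSON.parse(body.slice(ANTI_HIJACK_PREFIX.length));
}

// Check used to verify the mitigation: would a <script> tag be able to
// evaluate this body as JavaScript? A bare JSON array parses; the prefixed
// body throws a SyntaxError.
function isExecutableAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    return false;
  }
}
```

Pair these server-side controls with `SameSite=Lax` or `Strict` on the session cookie so the browser does not attach it to cross-site script loads in the first place.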