CookiesWall: Preventing Session Hijacking Attacks Using Client Side Proxy
Published 2017 · Computer Science
HTTP cookie plays an important role in web applications, as it is used for session authentication without using the login information repeatedly. On the other hand, such technique introduces several security vulnerabilities allowing an attacker, to have the complete control of a session by extracting the corresponding cookie. Therefore, HTTPS is recommended to prevent the exposure of cookie. Unfortunately, cookie can be extracted by different techniques even if HTTPS is employed. This work proposes a simple but effective solution called CookiesWall to prevent session hijacking. CookiesWall is implemented as a client side proxy using Python. The proposed mechanism imposes negligible overhead. False positive and false negative of this mechanism is observed to be much lesser.