
Research on Detection and Prevention of Man-in-the middle Attack in Web Application

Author(s):

Anisha Bobade, Vidya Pratishthans Kamalnayan Bajaj Institute of Engineering and Technology Baramati; Shubhangi Bhosale, Vidya Pratishthans Kamalnayan Bajaj Institute of Engineering and Technology Baramati; Supriya Mane, Vidya Pratishthans Kamalnayan Bajaj Institute of Engineering and Technology Baramati; Purva Tupsamudre, Vidya Pratishthans Kamalnayan Bajaj Institute of Engineering and Technology Baramati; Mrs. Kanchan M. Bhale, Vidya Pratishthans Kamalnayan Bajaj Institute of Engineering and Technology Baramati

Keywords:

Rigid Algorithm, Session Hijacking, Security, Vulnerability, Authentication, HTTP, MITM

Abstract

In this project we created a dummy website on which to launch the attack. A Stoner/User is logged in to the system and has established a connection with the server. The session established between the user and the server can be hijacked by an attacker who masquerades as an authorized user, called a man-in-the-middle (MITM). The attacker's target is access to the user's confidential records on the server for their own financial gain. Once the attacker has gained access to the server, he does not have to bother cracking the login key, since he has been confirmed to have the session. The attacker has full control of the system while the session is still in progress. The proposed model captures each and every activity of a user or person. This system will show how the attack is done and how it affects operation on the web. The prevention measures for session hijacking are: 1) an automatic log-off after the session ends; 2) deleting the session cookie from the user server and computer, which enhances security. The system architecture helps to detect and prevent session hijacking in order to make user records more confidential, secure and reliable. The system uses an algorithm for session ID creation using the rigid algorithm, session time-out and session re-authentication. The session also auto-generates the session ID so that all existing connections are closed and the users are re-authenticated to the web application without loss of records.
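The prevention measures listed in the abstract (time-out log-off, session deletion, and a fresh session ID on re-authentication that keeps the user's records) can be sketched as a server-side session table. This is an added example, not code from the paper: `SessionStore`, `IDLE_TIMEOUT` and its value are assumptions, and because the page does not describe the "rigid algorithm", a CSPRNG token stands in for session ID creation.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # assumed idle limit in seconds; the abstract gives no value


class SessionStore:
    """In-memory server-side session table (hypothetical, for illustration)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}  # session ID -> {"user", "data", "last_seen"}

    def login(self, user):
        # Stand-in for the paper's session ID creation: a 256-bit random token.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "data": {}, "last_seen": self._clock()}
        return sid

    def validate(self, sid):
        """Return the user for a live session, or None; expired IDs are deleted."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if self._clock() - rec["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]  # automatic log-off on time-out
            return None
        rec["last_seen"] = self._clock()
        return rec["user"]

    def reauthenticate(self, sid, user):
        """Called after credentials are re-checked: issue a fresh ID, retire the
        old one, and carry the session's records over to the new ID."""
        rec = self._sessions.get(sid)
        if rec is None or rec["user"] != user:
            return None
        del self._sessions[sid]  # a captured copy of the old ID stops working
        new_sid = secrets.token_urlsafe(32)
        rec["last_seen"] = self._clock()
        self._sessions[new_sid] = rec
        return new_sid

    def logout(self, sid):
        # Server-side deletion; the response should also expire the cookie.
        self._sessions.pop(sid, None)

    def data(self, sid):
        """Records attached to a live session, or None if the ID is invalid."""
        return self._sessions[sid]["data"] if self.validate(sid) is not None else None
```
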

Other Details

Paper ID: IJSRDV10I30190
Published in: Volume : 10, Issue : 3
Publication Date: 01/06/2022
Page(s): 87-89
