Session splicing is an IDS evasion technique in which an attacker
delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detect the attack signatures.
Which tool can be used to perform session splicing attacks?
A. Whisker
B. tcpsplice
C. Burp
D. Hydra
One
basic technique is to split the attack payload into multiple small packets, so that the IDS must reassemble the packet stream to detect the attack. A simple way of splitting packets is by fragmenting them, but an adversary can also simply craft packets wi
th small payloads. The whisker evasion tool calls crafting packets with small payloads session splicing.
References: