Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which
Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is
eavesdropping the conversation and keeps the password. After the interchange is over, Eve
connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice’s password
read from the last session, which Bob accepts. Which of the following attacks is being used by
Eve?

A.
Replay

B.
Fire walking

C.
Cross site scripting

D.
Session fixation

Explanation:

Eve is using Replay attack. A replay attack is a type of attack in which attackers capture packets
containing passwords or digital signatures whenever packets pass between two hosts on a
network. In an attempt to obtain an authenticated connection, the attackers then resend the
captured packet to the system. In this type of attack, the attacker does not know the actual
password, but can simply replay the captured packet. Session tokens can be used to avoid replay
attacks. Bob sends a one-time token to Alice, which Alice uses to transform the password and
send the result to Bob (e.g. computing a hash function of the session token appended to the
password). On his side Bob performs the same computation; if and only if both values match, the
login is successful. Now suppose Mallory has captured this value and tries to use it on another
session; Bob sends a different session token, and when Mallory replies with the captured value it

will be different from Bob’s computation.
Answer option C is incorrect. In the cross site scripting attack, an attacker tricks the user’s
computer into running code, which is treated as trustworthy because it appears to belong to the
server, allowing the attacker to obtain a copy of the cookie or perform other operations.
Answer option B is incorrect. Firewalking is a technique for gathering information about a remote
network protected by a firewall. This technique can be used effectively to perform information
gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value that is set
to expire one hop past the firewall.
Answer option D is incorrect. In session fixation, an attacker sets a user’s session id to one known
to him, for example by sending the user an email with a link that contains a particular session id.
The attacker now only has to wait until the user logs in.