Bibliographic details and abstracts are available to all. Downloads of full-text dissertations are restricted to University of Portsmouth members who must login. MPhils may be accessed by all.

Abstract

Two factor authentication (2FA) has remarkably enhanced the security space of digital authentication and has mitigated the risk present in single factor traditional based systems that include username and password. Despite its robust protection of adding extra layers to user accounts, 2FA still remains susceptible to sophisticated cyber-attacks. However, with advanced techniques such as session cookie hijacking using Man-in-the-Middle attacks methods, this has become a significant threat, especially with tools like Evilginx2 that exploit vulnerabilities in web session management. This study investigated how Evilginx2 exploits session cookie vulnerabilities in 2FA systems and proposed countermeasures to mitigate such attacks. Instagram was used as a case study. A controlled lab environment was set up on a Contabo VPS running Ubuntu, complete with a phishing page masquerading as the Instagram login interface. SSL certificates and DNS configurations ensured a realistic simulation of web interactions. This led to the hijacking of session cookies in 10 phishing attempts, achieving a 90% success rate, with unauthorized account access bypassing 2FA in 70% of the cases. On average, the session cookies remained valid for 14 hours, making it possible for an attacker to carry out high-privilege actions without raising suspicions. User behaviour analysis showed that 83.3% of participants depended on the HTTPS padlock as an indication of security, while only 16.6% checked the URL for its legitimacy. The results have pointed out serious vulnerabilities in the 2FA system and have called for increasing user awareness and better session cookie management. This study gives a comprehensive understanding of session cookie hijacking and proposes countermeasures, including browser-side cookie protections, user education on phishing detection, and enhanced anomaly detection systems, to strengthen the resilience of 2FA mechanisms.

Course: Cyber security and digital forensics - MSc - P3193PTD

Date Deposited: 2025-02-19

URI/permalink: https://library.port.ac.uk/dissert/dis14696.html