What Is a Replay Attack?
🔁 What Is a Replay Attack?
A replay attack is a type of network attack where a hacker captures a valid data transmission between two parties and re-sends (replays) it later to trick the system into accepting it as genuine.
In most cases, the attacker does not need to understand or decrypt the content of the message — just recording and resending it can be enough.
The goal is usually to impersonate a user, repeat an action, or gain unauthorized access.
🧠 How It Works:
- A user sends a request — like logging in, performing a transaction, or accessing a system.
- An attacker intercepts and records that message.
- Later, the attacker re-sends the exact same message to the server or system.
- If there's no protection, the system accepts it and performs the action again — as if it came from the original user.
📌 Example 1: Login Replay
A user logs in to a server. The login request includes a username and a hashed password or token. An attacker captures this message.
Later, the attacker replays that same login request — and the server logs them in as the original user, without needing the actual password.
This works if the server doesn't check timestamps, tokens, or uniqueness of requests.
📌 Example 2: Online Banking
Let's say Alice sends a request to transfer $100 to Bob. The message includes all details like amount, account numbers, and maybe a session token.
An attacker captures this transfer request and replays it several times. The server processes each as a valid request, and Bob receives $100 multiple times.
If the bank server doesn't recognize that the message has already been used, it treats each replay as a new transaction.
📌 Example 3: Smart Card / RFID Access
In physical security systems (e.g., office door access), RFID badges or smart cards send signals to unlock a door.
A hacker with a simple RFID reader can stand nearby, record that signal, and later replay it to the door's receiver.
The door opens again — even though the original cardholder isn't there. This is called a relay or replay attack in RFID systems.
📌 Example 4: API Calls in Web Apps
Imagine an API that gives access to private data when a user sends a request with a signed URL or token.
An attacker captures a valid API call URL (e.g., from browser history or insecure traffic), and reuses it — even though the session was supposed to expire.
If the server doesn't validate the timestamp or request freshness, the attacker gets access to private data.
🔒 How to Defend Against Replay Attacks
- Timestamps: Attach the current time to messages. The server checks whether the request is recent (e.g., within 5 seconds).
- Nonces: Use a random number or string that's unique per request. The server tracks used nonces and rejects duplicates.
- Session tokens: Tie each action to a session and make sure tokens are single-use or short-lived.
- Encryption with message authentication codes (MAC): Ensures messages are both secret and tamper-evident.
- TLS/SSL (HTTPS): Prevents attackers from sniffing and recording messages in transit.
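As an added example (not code from the original page), here is how the first, second and fourth defences above combine in the bank-transfer scenario from Example 2: the request carries a timestamp, a nonce and an HMAC, and the server rejects a tampered copy, a replay inside the freshness window, and a replay after it. The shared secret, the request data and the nonce are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the demo; in practice it is provisioned per client.
SECRET = b"demo-shared-secret"
FRESHNESS_WINDOW = 5.0  # seconds, the page's "within 5 seconds" rule

def _canonical(msg: dict) -> bytes:
    """Serialize everything except the MAC field in a fixed order so both sides hash the same bytes."""
    return json.dumps({k: v for k, v in msg.items() if k != "mac"}, sort_keys=True).encode()

def sign_request(payload: dict, nonce: str, now: float) -> dict:
    """Client side: attach timestamp and nonce, then a MAC over the whole message."""
    msg = dict(payload, ts=now, nonce=nonce)
    msg["mac"] = hmac.new(SECRET, _canonical(msg), hashlib.sha256).hexdigest()
    return msg

class TransferServer:
    def __init__(self):
        self.seen_nonces = set()  # production code would drop entries older than the window
        self.ledger = []          # transfers actually executed

    def handle(self, msg: dict, now: float) -> str:
        expected = hmac.new(SECRET, _canonical(msg), hashlib.sha256).hexdigest()
        # 1. Authenticity: a forged or tampered message (e.g. a changed amount) fails here.
        if not hmac.compare_digest(msg.get("mac", ""), expected):
            return "rejected: bad mac"
        # 2. Freshness: a capture replayed long after the fact fails here.
        if abs(now - msg["ts"]) > FRESHNESS_WINDOW:
            return "rejected: stale"
        # 3. Uniqueness: the same capture replayed inside the window fails here.
        if msg["nonce"] in self.seen_nonces:
            return "rejected: replay"
        self.seen_nonces.add(msg["nonce"])
        self.ledger.append((msg["from"], msg["to"], msg["amount"]))
        return "accepted"

def demo() -> list:
    """Alice's $100 transfer to Bob, then the same capture replayed and tampered with."""
    server = TransferServer()
    t0 = 1_700_000_000.0
    req = sign_request({"from": "alice", "to": "bob", "amount": 100}, nonce="n-7f3a", now=t0)
    results = [server.handle(req, now=t0 + 1)]           # genuine request: accepted
    results.append(server.handle(req, now=t0 + 2))       # replay inside window: nonce reuse
    results.append(server.handle(req, now=t0 + 60))      # replay later: stale timestamp
    results.append(server.handle(dict(req, amount=1000), now=t0 + 1))  # tampered: bad mac
    return results  # Bob is credited exactly once: len(server.ledger) == 1
```

The checks are ordered so the cheapest signal of an attack wins: without the MAC check first, an attacker could forge fresh timestamps and nonces at will.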
🔐 What Are Session Tokens? (Simple Explanation)
🔐 What is a Session Token?
A session token is a unique, temporary identifier that a server gives to a user after successful login or authentication. It acts as a proof of identity during that session — like a "hall pass" that says, "This user is already verified."
Instead of sending your username and password with every request, your browser or app sends the session token, which is safer and faster.
🧱 How Session Tokens Work (Step-by-Step)
- User logs in with their credentials (e.g., email and password).
- The server verifies the credentials.
- If valid, the server creates a unique session token (e.g., a random string).
- The server sends the token to the client (browser or app).
- The client stores the token (usually in cookies, local storage, or memory).
- For each future request, the token is sent to the server (in headers or cookies).
- The server checks the token to validate the session and grant access.
Benefits:
- No need to re-enter credentials for every action.
- Faster and smoother user experience.
- Helps prevent replay attacks if tokens are short-lived and unique.
⚠️ Common Security Issues with Session Tokens
- Token Theft: If the token is stolen (via XSS, sniffing, etc.), the attacker can impersonate the user.
- Token Replay: If a token is reused, the server must check if it's still valid and hasn't expired.
- Token Fixation: An attacker sets a known token in a user's browser before login. If the server accepts it, they can hijack the session.
🛡️ Best Practices for Securing Session Tokens
- Use HTTPS only to prevent interception.
- Mark cookies as HttpOnly (so JavaScript can't read them) and Secure (so they are only sent over HTTPS).
- Use short expiration times and refresh tokens if needed.
- Regenerate session tokens on login and logout.
- Bind tokens to IP address or user-agent to detect misuse.
- Store tokens securely (avoid storing in localStorage if possible).
🧩 Types of Session Tokens
- Random Session IDs (e.g., abc123xyz) — stored on the server (e.g., in memory or DB).
- JWT (JSON Web Tokens) — self-contained tokens; server doesn't store them but verifies their signature and expiry.
- Opaque Tokens — like random strings with no readable data; require lookup on the server.
MCQs on Replay Attacks and Session Tokens
🔁 Replay Attack – MCQs with Answers & Explanations
1. What is a replay attack?
A) An attack where an intruder modifies the original message
B) ✅ An attack where a captured message is resent to trick the receiver
C) An attack that deletes the original message
D) An attack where fake messages are created randomly
Explanation: A replay attack involves intercepting a valid message and resending it later to impersonate the sender or repeat actions without detection.
2. Which of the following helps prevent replay attacks?
A) Strong passwords
B) ✅ Timestamps and nonces
C) Long session duration
D) Use of HTTP
Explanation: Timestamps ensure the message is recent, and nonces (unique random values) ensure each request is used only once, preventing replays.
3. Replay attacks are especially dangerous in which of the following scenarios?
A) Static websites
B) Multicast streaming
C) ✅ Banking and financial transactions
D) File compression
Explanation: In banking, a replay attack could repeat a valid transaction, like transferring funds, without authorization.
4. A replay attack can succeed if the server:
A) Uses two-factor authentication
B) ✅ Accepts old requests without checking freshness
C) Encrypts messages with RSA
D) Sends data in plain text
Explanation: If the server does not verify whether a request is recent or reused, replayed messages may be accepted as new.
5. In the context of RFID-based door access, a replay attack might involve:
A) Guessing a PIN
B) Modifying hardware
C) ✅ Capturing and resending the RFID signal
D) Brute-forcing the door open
Explanation: Attackers can record RFID signals and replay them later to open doors without needing the original card.
🔐 Session Token – MCQs with Answers & Explanations
6. What is the main purpose of a session token?
A) Encrypt data
B) Track user IP
C) ✅ Maintain a user's authentication state after login
D) Replace cookies
Explanation: A session token proves the user's identity after login so they don't need to re-authenticate on every request.
7. Which of the following is a secure place to store a session token in a browser?
A) JavaScript global variables
B) SessionStorage
C) LocalStorage
D) ✅ HttpOnly cookie
Explanation: HttpOnly cookies are not accessible by JavaScript, protecting them from XSS (Cross-Site Scripting) attacks.
8. What is the risk if a session token is not expired after logout?
A) Slow server response
B) Increased cookie size
C) ✅ Token replay or session hijacking
D) Improved performance
Explanation: An attacker with access to a still-valid token can replay it to impersonate the user and hijack their session.
9. What does an HttpOnly flag on a cookie do?
A) Makes the cookie persistent
B) ✅ Prevents access via JavaScript
C) Encrypts the cookie
D) Blocks the cookie from being sent
Explanation: HttpOnly cookies are only accessible by the server, not client-side scripts, which protects them from XSS attacks.
10. What is the best practice after a successful user login?
A) Keep the old session token
B) Log all activities
C) ✅ Regenerate a new session token
D) Send credentials with every request
Explanation: Regenerating session tokens prevents session fixation attacks, where an attacker forces a victim to use a known token.