Session Hijacking Attack

13th May 2020 | Cybrary



A Session Hijacking Attack occurs when a user session is taken over by an attacker. A normal session starts when you log into a service, for example your banking application, and ends when you log out. The session hijacking attack relies on the attacker’s knowledge of your session cookie, so it is also called “cookie hijacking” or “cookie side-jacking”. Although any computer session could be hijacked, session hijacking most commonly applies to browser sessions and web applications. In most cases when you log into a web application, the server sets a temporary session cookie in your browser to remember that you are currently logged in and authenticated. HTTP is a stateless protocol, and session cookies sent in the headers of every HTTP request are the most popular way for the server to identify your browser or your current session.

To perform session hijacking, an attacker needs to know or be able to predict the victim’s session ID. This can be obtained by stealing the session cookie or persuading the user to click a malicious link containing a prepared session ID. In both cases, after the user is authenticated on the server, the attacker can hijack the session by using the same session ID for their own browser session. The server is then tricked into treating the attacker’s connection as the original user’s valid, authorized session.

Source: NetSparker
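The server-side half of the description above, as an added example that is not part of the original article or its source: a small in-memory session table showing why a session ID known before login must not stay valid after login, plus a session cookie built with attributes that limit theft. The class, function names and sample values are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """In-memory session table: session ID -> authenticated user (or None)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}

    def start(self, presented_id=None):
        # Weak mode adopts an ID supplied by the client (e.g. carried in a link).
        # Hardened mode only ever uses IDs the server generated itself.
        if presented_id and not self.hardened:
            sid = presented_id
        else:
            sid = secrets.token_urlsafe(32)  # 256 random bits, not predictable
        self.sessions[sid] = None
        return sid

    def login(self, sid, user):
        if self.hardened:
            # Invalidate the pre-login ID and bind the user to a fresh one.
            self.sessions.pop(sid, None)
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def session_cookie(sid):
    """Set-Cookie value with attributes that limit cookie theft."""
    c = SimpleCookie()
    c["session"] = sid
    c["session"]["httponly"] = True   # not readable by page scripts
    c["session"]["secure"] = True     # only sent over HTTPS
    c["session"]["samesite"] = "Lax"  # withheld on cross-site subrequests
    c["session"]["path"] = "/"
    return c["session"].OutputString()


def prepared_id_survives_login(store, prepared="CONSTRUCTED-SAMPLE-ID"):
    """True if an ID known before login is authenticated after login."""
    sid = store.start(presented_id=prepared)
    store.login(sid, "alice")  # constructed sample user
    return store.whoami(prepared) == "alice"
```

`prepared_id_survives_login` returns `True` for `SessionStore(hardened=False)` and `False` for `SessionStore(hardened=True)`, which is the check to run against any login flow.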

Additional Reading:

  1. Corporate Account Takeover Attacks: Detecting and Preventing 
  2. What is Session Hijacking: Your quick guide to session hijacking attacks

What does this mean for an SMB?

The best way to defend against a session hijacking attack is to educate your employees and staff on the risks involved with everyday use of the Internet and what they can do to reduce the likelihood of a security breach. These attacks can be brought on by a user clicking on a phishing link, or opening an attachment that allows the hacker to gain information about your browser connection. By educating employees on the dangers of phishing, along with using CyberHoot’s Phish Testing modules, you can significantly reduce the likelihood of you or your company becoming a victim of an attack like this.
