A Session Hijacking Attack occurs when a user session is taken over by an attacker. A normal session starts when you log into a service, for example your banking application, and ends when you log out. The session hijacking attack relies on the attacker’s knowledge of your session cookie, so it is also called “cookie hijacking” or “cookie side-jacking”. Although any computer session could be hijacked, session hijacking most commonly applies to browser sessions and web applications. In most cases when you log into a web application, the server sets a temporary session cookie in your browser to remember that you are currently logged in and authenticated. HTTP is a stateless protocol and session cookies attached to every HTTP header are the most popular way for the server to identify your browser or your current session.
To perform session hijacking, an attacker needs to know or be able to predict the victim’s session ID. This can be obtained by stealing the session cookie or persuading the user to click a malicious link containing a prepared session ID. In both cases, after the user is authenticated on the server, the attacker can hijack the session by using the same session ID for their own browser session. The server is then tricked into treating the attacker’s connection as the original user’s valid, authorized session.
- Corporate Account Takeover Attacks: Detecting and Preventing
- What is Session Hijacking: Your quick guide to session hijacking attacks