What is session hijacking?

Session hijacking is an attack in which a malicious actor takes over a user's session, and with it the user's personal information.

Example: when a user starts a session to make online payments or to log into a business or personal account, an attacker can hijack that session.

Exploitation of a web session usually begins by extracting the session ID or session token. With that token, the attacker gains unauthorized access to the web server.

Figure: Session hijacking, simple scenario

How is a session hijacked?

A single server handles HTTP requests from many clients, and many different TCP connections are created to serve them. To tie these requests together, the web server assigns a token (a unique identifier) to the client browser.

A session token is usually a string of variable length. It can be transmitted as a browser cookie, inside an HTTP packet (either in the header or the body), or as part of a URL. There are multiple ways in which session tokens get compromised, but the most common are:

  1. Session sniffing
  2. Client-side attacks
  3. Session fixation
  4. Man in the Browser (MITB) attack
  5. Man in the middle (MITM) attack
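
As an added defensive example (not code from the original page), here is a minimal server-side session store in Python that applies the points above: an unguessable token generated from the OS CSPRNG, rotation of the token at login (the counter to session fixation), idle-timeout expiry, and a Set-Cookie value with the Secure, HttpOnly and SameSite attributes so the cookie is not exposed to sniffing on plaintext links or to client-side script. The SessionStore class, the 30-minute idle timeout and the cookie name sid are assumptions made for this example.

```python
import hashlib
import secrets
import time

SESSION_TTL = 1800  # assumed: seconds of inactivity after which a session is discarded

def _key(token):
    # Store only a hash of the token: a leaked session table then does not
    # hand an attacker the live identifiers that browsers are presenting.
    return hashlib.sha256(token.encode()).hexdigest()

class SessionStore:
    """Server-side session table keyed by the hash of an unguessable token (example class)."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> {"user": ..., "last_seen": ...}

    def create(self, user=None):
        # 32 bytes from the OS CSPRNG (~256 bits): not derivable from user data, time or a counter
        token = secrets.token_urlsafe(32)
        self._sessions[_key(token)] = {"user": user, "last_seen": time.time()}
        return token

    def lookup(self, token, now=None):
        """Return the session for a presented token, or None if unknown or idle too long."""
        now = time.time() if now is None else now
        sess = self._sessions.get(_key(token))
        if sess is None:
            return None
        if now - sess["last_seen"] > SESSION_TTL:
            del self._sessions[_key(token)]
            return None
        sess["last_seen"] = now
        return sess

    def login(self, old_token, user):
        """On successful authentication issue a brand-new token and drop the
        pre-login one; rotating the identifier here is what defeats session fixation."""
        self._sessions.pop(_key(old_token), None)
        return self.create(user)

    def logout(self, token):
        self._sessions.pop(_key(token), None)

def session_cookie(token, name="sid"):
    """Set-Cookie value carrying the token. Secure keeps it off plaintext HTTP
    (session sniffing); HttpOnly keeps it away from page scripts (client-side
    theft); SameSite=Lax stops most cross-site requests from sending it."""
    return f"{name}={token}; Path=/; Secure; HttpOnly; SameSite=Lax"
```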