What is Session Hijacking in Cyber Security? Definition, Types, Process
What is Session Hijacking?
Session hijacking happens when an attacker hacks the session of a user by obtaining the authentication.
For instance, someone has logged into his bank account on the bank website. The session starts once he is logged in and it ends when logged out. The method of taking over a session is called session hijacking.
Why is Session Hijacking Successful?
If a session has been hijacked, the attackers can do all the activities that were allowed to the authorized user. As long as the session is active, everything is enabled for the attacker. For example, if it was log in to a bank account, the attacker can transfer money, do online shopping, etc.
It is considered a success for the attacker if he is able to take over the session and perform actions that can benefit him.
Session Hijacking - What is Session Hijacking | Complete Process of Sessions Hijack
In this video, We are explaining Everything About Session Hijacking. Please do watch the complete video for in-depth information.
Session Hijacking Process
The first step is to find an active session between the user and the server, and try to stand between them. Hackers use sniffing tools like Wireshark to find session information and capture traffic.
The session is then monitored for vulnerabilities and protocols that can be exploited. Hackers also look for the valid authentication packets flowing between the user and the server.
Hackers then use the available data and information to find the valid session ID. They try to predict the sequence number that can enable access to the session. It is a crucial step because if the incorrect sequence number is used, the server may reset the session or terminate the attempt.
4. Stealing session ID
Man in the middle attack, cross-site scripting, brute force attacks, etc. is used to steal the session IDs.
5. Forcing the target to go offline
After predicting the session ID, the hackers launch a DoS attack to force the user to go offline. It is important for the attacker to ensure that the user is offline because if a session is accessed by two parties, it can cause an ACK storm.
It is the final stage where the hackers take over the session between the user and the server. Here, they will also spoof the IP address to appear legitimate to the server.
Types of Session Hijacking
There are two types of session hijacking:
Active: When the attackers force the user to go offline and take over the session, it is called active session hijacking. Here, they are directly involved with the session.
Passive: When the attackers choose to monitor the traffic between the users and the servers, it is called passive session hijacking. Their aim here is to find valuable data and passwords.