Ethical Hacking Tutorial

What is Session Hijacking in Cyber Security? Definition, Types, Process

Table of Contents

  • What is Session Hijacking?
  • Why is Session Hijacking Successful?
  • Session Hijacking Process
  • Types of Session Hijacking

What is Session Hijacking?

Session hijacking is the takeover of a user's authenticated session by an attacker who obtains the identifier the server uses to recognise that session: a session cookie or token at the application layer, or the sequence numbers of an established TCP connection at the transport layer. Because the server trusts whoever presents a valid identifier, the attacker never needs the user's password.

For instance, a user logs into their account on a bank's website. The session starts at login and ends at logout; taking over that session while it is still active is session hijacking.

Why is Session Hijacking Successful?

If a session has been hijacked, the attacker can do everything the authorised user was allowed to do, for as long as the session stays active. If the session was a login to a bank account, for example, the attacker can transfer money, make purchases, and so on.

The attack counts as a success when the attacker takes over the session and performs actions that benefit them.

Session Hijacking Process

1. Sniffing

The first step is to find an active session between the user and the server and get into a position to observe it, typically on the same network segment or on a hop the traffic crosses in the clear. Attackers use sniffing tools such as Wireshark to capture the traffic and look for session information. This step only yields something when the traffic is unencrypted or the attacker can otherwise read it.

2. Monitor

The captured traffic is then examined for exploitable protocols and weaknesses, and in particular for the authentication and session identifiers (cookies, tokens, TCP sequence numbers) flowing between the user and the server.

3. Retrieval

The attacker then uses the gathered data to obtain a valid session ID. For a TCP-level hijack this means determining the connection's current sequence numbers: read off the wire if the traffic can be sniffed, or predicted from the initial sequence numbers if it cannot. This step is crucial because a segment whose sequence number falls outside the receiver's window is discarded and may draw a reset, so a wrong guess gets the attacker nothing and can terminate the attempt.
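To make step 3 concrete, here is an added example in Python; it is written for this page and is not code from the tutorial. It models two things: predicting the next initial sequence number from a constructed set of ISNs observed on probe connections, the way old stacks with a constant ISN step could be attacked, and the receive-side acceptance test from RFC 793 that decides whether an injected segment lands inside the window. The ISN values, the window size and the `Receiver` class are assumptions made for illustration.

```python
# Added example, not from the tutorial: what step 3 depends on.
# The ISN samples are constructed; the acceptance test follows RFC 793
# (section 3.3) and ignores everything else about TCP.

MOD = 2 ** 32


def predict_next_isn(observed):
    """Given ISNs seen on probe connections opened in quick succession,
    return the ISN the next connection will get if the generator advances
    by a constant step (old BSD-style stacks).  Returns None when the steps
    are not constant, which is what a randomised ISN generator looks like."""
    if len(observed) < 3:
        raise ValueError("need at least three samples to confirm a constant step")
    steps = {(b - a) % MOD for a, b in zip(observed, observed[1:])}
    if len(steps) != 1:
        return None
    return (observed[-1] + steps.pop()) % MOD


def segment_acceptable(seg_seq, seg_len, rcv_nxt, rcv_wnd):
    """RFC 793 receive-side test: does any byte of the segment fall inside
    the window [rcv_nxt, rcv_nxt + rcv_wnd)?  Arithmetic is modulo 2**32."""
    def in_window(x):
        return (x - rcv_nxt) % MOD < rcv_wnd

    if seg_len == 0:
        return seg_seq == rcv_nxt if rcv_wnd == 0 else in_window(seg_seq)
    if rcv_wnd == 0:
        return False
    return in_window(seg_seq) or in_window((seg_seq + seg_len - 1) % MOD)


class Receiver:
    """Receive side of one established connection, tracking only RCV.NXT,
    RCV.WND and the payload it has accepted (assumed window: 8192 bytes)."""

    def __init__(self, rcv_nxt, rcv_wnd=8192):
        self.rcv_nxt = rcv_nxt % MOD
        self.rcv_wnd = rcv_wnd
        self.data = b""

    def receive(self, seg_seq, payload):
        """Returns (verdict, RCV.NXT).  An out-of-window segment is discarded
        and answered with a bare ACK carrying the sequence number the receiver
        still expects (a stricter stack may send a RST); an in-window but
        out-of-order segment is queued by a real stack, here just reported."""
        if not segment_acceptable(seg_seq, len(payload), self.rcv_nxt, self.rcv_wnd):
            return ("dropped", self.rcv_nxt)
        if seg_seq != self.rcv_nxt:
            return ("out_of_order", self.rcv_nxt)
        self.data += payload
        self.rcv_nxt = (self.rcv_nxt + len(payload)) % MOD
        return ("accepted", self.rcv_nxt)


def demo():
    """Constructed scenario: predict a client's ISN, then inject into the
    server side of that connection with a wrong and a right sequence number."""
    guess = predict_next_isn([1000, 65000, 129000])               # 193000
    random_isn = predict_next_isn([0x1A2B3C4D, 0x9F0E1D2C, 0x33445566])  # None
    server = Receiver(rcv_nxt=guess + 1)     # the SYN consumed one number
    bad = server.receive(guess + 1 + 20000, b"DEL *.*\r\n")       # dropped
    good = server.receive(guess + 1, b"DEL *.*\r\n")              # accepted
    return guess, random_isn, bad, good


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Once the injected segment is accepted, the server's RCV.NXT has moved on while the real client still believes its next byte is the old value: every segment the client now sends draws an ACK it does not expect, and its own replies are equally unexpected to the server. That exchange of bare ACKs is the ACK storm that step 5 is meant to avoid.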

4. Stealing session ID

Application-layer session IDs are stolen through man-in-the-middle attacks, cross-site scripting (injected script can read a session cookie that is not marked HttpOnly), and brute-force guessing of IDs that are short or predictable.

5. Forcing the target to go offline

Once the attacker holds the session ID or sequence numbers, they force the legitimate user offline, typically with a denial-of-service attack. This matters for a TCP-level hijack: if both the user and the attacker keep sending on the same connection, the sequence numbers each side expects diverge, and the resulting exchange of unexpected acknowledgements, known as an ACK storm, can expose the attack or tear the connection down.

6. Hijacking

In the final stage the attacker takes over the session between the user and the server, sending requests with the stolen session ID or injecting segments with the correct sequence numbers. For a TCP hijack they also spoof the user's IP address so that their packets appear legitimate to the server.
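The whole application-layer sequence (sniff, extract, replay) as an added example in Python; it is not code from the tutorial. The captured request, the `bank.example` host, the `SESSIONID` cookie name and the two client descriptions are constructed for the example. The optional session binding in `SessionStore` is not something the tutorial describes; it is there to show one condition under which a replayed ID fails, and why step 6's IP spoofing exists.

```python
import hashlib
import secrets

COOKIE_NAME = "SESSIONID"   # assumption: the bank's session cookie name

# Constructed client descriptions; a real server would derive these from
# the connection itself (source address, TLS session, User-Agent header).
VICTIM = {"addr": "203.0.113.10", "ua": "ExampleBrowser/1.0"}
ATTACKER = {"addr": "198.51.100.7", "ua": "curl/8.0"}


def victim_request(session_id):
    """Constructed sample of what step 1 (sniffing) yields on a plaintext HTTP
    hop: the victim's own request, session cookie included.  Not a real capture."""
    lines = [
        b"GET /account/balance HTTP/1.1",
        b"Host: bank.example",
        b"User-Agent: ExampleBrowser/1.0",
        b"Cookie: theme=dark; %s=%s" % (COOKIE_NAME.encode(), session_id.encode()),
    ]
    return b"\r\n".join(lines) + b"\r\n\r\n"


def extract_session_id(raw_request, cookie_name=COOKIE_NAME):
    """Steps 2-4: parse a captured HTTP request and pull out the session ID.
    Returns None when the request carries no cookie of that name."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:          # [0] is the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"cookie":
            for pair in value.split(b";"):
                key, _, val = pair.strip().partition(b"=")
                if key == cookie_name.encode():
                    return val.decode()
    return None


class SessionStore:
    """Toy server-side session table.  With bind=False the server trusts
    whoever presents a known ID, which is exactly what hijacking exploits.
    With bind=True (an addition, not from the tutorial) each session is tied
    to a fingerprint of the client that logged in."""

    def __init__(self, bind=False):
        self.bind = bind
        self._sessions = {}

    @staticmethod
    def fingerprint(client):
        material = client["addr"] + "|" + client["ua"]
        return hashlib.sha256(material.encode()).hexdigest()

    def login(self, user, client):
        sid = secrets.token_hex(16)        # 128 random bits: cannot be guessed
        self._sessions[sid] = {"user": user, "fp": self.fingerprint(client)}
        return sid

    def whoami(self, sid, client):
        session = self._sessions.get(sid)
        if session is None:
            return None
        if self.bind and session["fp"] != self.fingerprint(client):
            return None                    # replayed from a different client
        return session["user"]


def run_hijack(bind):
    """Walk the tutorial's process end to end and return whom the server
    takes the attacker to be."""
    store = SessionStore(bind=bind)
    victim_sid = store.login("alice", VICTIM)
    captured = victim_request(victim_sid)            # step 1: sniffed bytes
    stolen = extract_session_id(captured)            # steps 2-4: the ID
    return store.whoami(stolen, ATTACKER)            # step 6: replay as attacker


if __name__ == "__main__":
    print("unbound session, replayed ID ->", run_hijack(bind=False))  # alice
    print("bound session, replayed ID   ->", run_hijack(bind=True))   # None
```

Note that step 5 is absent here on purpose: an HTTP session is just an identifier, so the victim and the attacker can present it at the same time without any ACK storm. The storm is a TCP-level phenomenon, and the DoS in step 5 only matters for transport-layer hijacking. Binding a session to the client's address is also only a partial measure, because it is precisely what spoofing the user's IP address in step 6 is meant to defeat; stopping the capture in the first place (TLS), unguessable IDs such as the 128-bit random token above, and HttpOnly cookies do more.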

Types of Session Hijacking

There are two types of session hijacking:

  • Active: the attacker takes over the session, typically after forcing the user offline, and interacts with the server in the user's place. The attacker is directly involved in the session.

  • Passive: the attacker only monitors the traffic between the user and the server, looking for valuable data, credentials and session identifiers, without taking the session over.
