Main menu


What is a session hijacking attack - types of session hijacking

What is a session hijacking attack - types of session hijacking, A session hijacking attack occurs when an attacker takes over a private Internet session, for example, while checking a credit card balance, paying bills, or shopping at an online store. It does anything that can be done on the site, in fact, a hijacker deceives the site into thinking it is the user itself.

What is a session hijacking attack - types of session hijacking

How does a session hacking attack work

The first step: An unsuspecting Internet user logs into an account, and the user may log into a bank account, credit card site, online store, application, or other site, where the application or site installs a temporary session cookie in the user's browser, and contains This cookie contains information about the user that allows the site to maintain their authentication and login and to track their activity during the session, and the session cookie remains in the browser until the user logs out or logs out automatically.

Step 2: The criminal gains access to a valid Internet user session. Cybercriminals have different ways to steal sessions. Many common types of session hijacking include hijacking a user's session cookie, locating the session identifier inside the cookie, and using this information to take over Session The session identifier is also known as the session key, when the criminal gets the session id, he can take over the session undetected.

Step 3: The session hijacker gets a reward for session theft, as once the original internet user goes on their way, the hijacker can use the persistent session to commit a host of malicious acts, they can steal money from the user’s bank account, buy items or seize personal data to commit identity theft Or encrypt important data and demand a ransom to return it.

Session hijacking methods

Brute force, in a brute force attack, the attacker guesses the session identifier and uses it to hijack the session, brute force attacks usually only work when the website has poor security and uses short, easy-to-guess session keys.

Cross-site scripting A cross-site scripting attack takes advantage of security weaknesses in a web server In cross-site scripting, an attacker injects scripts into web pages These scripts cause the web browser to expose the session key to the attacker so that he can take over the session.

Malware, cybercriminals can trick the user into clicking a link that installs malware on the device to allow them to hijack a session, the malware might scan and perform session sniffing to find a session, then the malware grabs the session cookie and sends it to the criminal, who can then It get the private session id to take over the session.

Session side takeover, in this type of attack, the criminal needs access to the user's network traffic, they can access when the user is using an unsecured (Wi-Fi) network or by engaging in (man-in-the-middle) attacks, In session side hack, the criminal uses packet sniffing to monitor the internet user's network traffic to look for sessions, in this way, the attacker is able to get the session cookie and use it to take over the session.

Session Pinning In a session pinning attack, the criminal creates a session ID and tricks the user into starting a session with it, a common way to do this is to send an email to the user with a link to the login form of the website the attacker wants to access, the user logs in with an ID The mock session, which gives the attacker a path to the door.

Internet session hacking tools

CookieCadger is an open-source tool that can identify information leakage from web applications, it can monitor both wired Ethernet and unsecured (Wi-Fi) unencrypted information including session cookies.

DroidSheep (DroidSheep|) is an open-source (Android) tool that allows the user to extract session cookies and other unprotected information from unprotected web browsing sessions over Wi-Fi.

FireSheep is a browser extension created for Firefox The Firesheep extension allowed attackers to use packet sniffing to find and copy unencrypted session cookies that could be used to perform session hijacking attacks FireSheep exploited the vulnerabilities and no longer works with the (FireSheep) browser Firefox).