In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system.
In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server.
It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victims computer (see HTTP cookie theft).
A popular method is using source-routed IP packets.
This allows an attacker at point B on the network to participate in a conversation between A and C by encouraging the IP packets to pass through Bs machine.
If source-routing is turned off, the attacker can use blind hijacking, whereby it guesses the responses of the two machines.
Thus, the attacker can send a command, but can never see the response. However, a common command would be to set a password allowing access from somewhere else on the net.
An attacker can also be inline between A and C using a sniffing program to watch the conversation.
This is known as a man-in-the-middle attack.
The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token.
Because http communication uses many different TCP connections, the web server needs a method to recognize every user’s connections.
The most useful method depends on a token that the Web Server sends to the client browser after a successful client authentication.
A session token is normally composed of a string of variable width and it could be used in different ways, like in the URL, in the header of the http requisition as a cookie, in other parts of the header of the http request, or yet in the body of the http requisition.
The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the Web Server.
The session token could be compromised in different ways; the most common are:
- Predictable session token;
- Session Sniffing;
- Client-side attacks (XSS, malicious
- Man-in-the-middle attack
- Man-in-the-browser attack