Posts

Showing posts with the label Hijacking Session

SESSION HIJACKING

SESSION HIJACKING In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victims computer (see HTTP cookie theft). A popular method is using source-routed IP packets. This allows an attacker at point B on the network to participate in a conversation between A and C by encouraging the IP packets to pass through Bs machine. If source-routing is turned off, the attacker can use blind hijacking, whereby it guesses the responses of the tw...