Session hijacking is a security attack where a user session is taken over by an attacker. A session starts when you log into any websites(e.g facebook) or service, but the web server store a temporary session cookie in your browser to remember that you are currently logged in and authenticated.
Here attacker will try to steal session cookie or make user to click malicious link from where attacker can obtain a session ID .
With session ID (session key) Attacker can easily hijack into the corresponding user session
Types Of Session Hijacking
Session hijacking are classified mainly into two types:
Active Session Hijacking
In active session hijacking, the attacker tries to look out for an active session in remote system, and use various tools to take over the clients’ position. It also allow attacker to create a new session.
Passive Session Hijacking
In Passive session hijacking, the attacker employs sniffing on a network to find out user authentication details, such as user credential and other information in order to use that data to create a new session.
Best learning portal that provides you great learning experience of various technologies with modern compilation tools and technique
Don't hesitate to give us a call or send us a contact form message