Session Hijacking

Discussion in 'The Water Cooler' started by reghakr, May 27, 2011.

  1. reghakr

    reghakr Excellent Member

    In computer science, session hijacking is the exploitation of a valid computer session (commonly known as a "session key") used to gain unauthorized access to information or services in a computer system.

    For example, when a user logs in to a web site, the user's PC is tagged with a session key using a browser cookie (a cookie is a small file stored on the user's PC that the browser reads).

    Any time the user requires access to a restricted area of a website (usually requiring login), the session key is extracted from the user's PC and compared to the key stored on the web server. If valid, the user is allowed to proceed to the restricted area.

    Session Hijacking and the 'Magic Cookie'
    Session hijacking in particular is used to refer to the theft of a 'magic cookie' used to authenticate a user to a remote server.

    The 'magic cookie' has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (using cookie theft, known as "cookiejacking").

    TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine, though this is unlikely to happen if the session is encrypted (using a secure connection, such as those which begin with https://).

    Source: Session Hijacking / Infopackets.com
     
    1 person likes this.
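The login-and-compare flow described in the post above, as an added Python example that is not part of the original post or the Infopackets article: the server issues a random session key in a cookie marked Secure and HttpOnly, then checks the presented key against its own store on each request. The cookie name `sid`, the 30-minute lifetime and the in-memory store are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800   # seconds; assumed session lifetime
_sessions = {}       # sha256(session key) -> (username, expiry); stands in for the server's store


def _digest(key):
    # Store only a hash, so a leaked session table does not reveal usable keys.
    return hashlib.sha256(key.encode()).hexdigest()


def login(username, now=None):
    """Issue a fresh random session key; return the Set-Cookie header value."""
    now = time.time() if now is None else now
    key = secrets.token_urlsafe(32)        # unguessable, not derived from user data
    _sessions[_digest(key)] = (username, now + SESSION_TTL)
    cookie = SimpleCookie()
    cookie["sid"] = key
    cookie["sid"]["secure"] = True         # browser sends it only over https://
    cookie["sid"]["httponly"] = True       # page scripts cannot read it
    cookie["sid"]["samesite"] = "Lax"      # not attached to most cross-site requests
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()


def authenticate(cookie_header, now=None):
    """Return the username for a valid, unexpired session cookie, else None."""
    now = time.time() if now is None else now
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    if "sid" not in cookie:
        return None
    digest = _digest(cookie["sid"].value)
    entry = _sessions.get(digest)          # compare against the key stored on the server
    if entry is None:
        return None
    user, expiry = entry
    if now > expiry:
        del _sessions[digest]              # an expired key can never be replayed
        return None
    return user
```
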
  2. Ciara

    Ciara New Member

    Thank you for the info, reghakr. Encryption makes good sense :cool:
     
  3. reghakr

    reghakr Excellent Member

    You're welcome, Ciara
     
