Session Hijacking

reghakr

Essential Member
In computer science, session hijacking is the exploitation of a valid computer session (commonly known as a "session key") used to gain unauthorized access to information or services in a computer system.

For example, when a user logs in to a web site, the user's PC is tagged with a session key using a browser cookie (a cookie is a small file stored on the users PC that the browser reads).

Any time the user requires access to a restricted area of a website (usually requiring login), the session key is extracted from the users' PC and compared to the key stored on the web server. If valid, the user is allowed to proceed to the restricted area.

Session Hijacking and the 'Magic Cookie'
Session hijacking in particular is used to refer to the theft of a 'magic cookie' used to authenticate a user to a remote server.

The 'magic cookie' has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (using cookie theft, known as "cookiejacking").

TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine, though this is unlikely to happen if the session is encrypted (using a secure connection, such as those which begin with https://)

Source: Session Hijacking / Infopackets.com
 
Back
Top