What is Session Hijacking?
Session hijacking is an attack in which an attacker takes over a user's authenticated session with a service (it is not itself phishing, although phishing is one way the attacker may deliver a malicious link). A session starts when you log into a service, such as your banking application, and ends when you log out or the server expires it. To hijack a session, the attacker needs the target's session ID (session key). They can obtain it either by stealing the session cookie, or by tricking the user into clicking a link that carries a session ID the attacker prepared in advance, so that the user logs in under an ID the attacker already knows (this variant is known as session fixation). In both cases, once the user is authenticated on the server, the attacker presents the same session ID from their own browser, and because the server identifies the session by that ID alone, it treats the attacker's connection as the original user's valid session.
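The following is an added example, not code from the original article or from any real framework. It models a server that identifies sessions purely by the ID in the cookie, then plays out both paths described above: an attacker replaying a stolen cookie, and an attacker who plants a server-issued ID on the victim before login. The `SessionServer` class, the `USERS` store and the credentials are constructed for the demo; the hardened variant regenerates the session ID at login, which is the standard defence against fixation.

```python
import secrets

# Constructed credential store for the demo; not from the original article.
USERS = {"alice": "correct horse battery staple"}


class SessionServer:
    """Toy model of server-side session handling (constructed for this example).

    Sessions are identified solely by the session ID carried in a cookie,
    which is exactly why presenting someone else's ID is enough to hijack it.
    """

    def __init__(self, regenerate_on_login: bool = False):
        self.sessions = {}  # session_id -> {"user": username or None}
        self.regenerate_on_login = regenerate_on_login

    def new_session(self) -> str:
        """Issue an anonymous (pre-authentication) session, as on a first visit."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid: str, username: str, password: str):
        """Authenticate and bind the user to a session.

        Returns the session ID the client should use from now on, or None
        if the credentials are wrong.
        """
        if USERS.get(username) != password:
            return None
        if sid not in self.sessions:
            sid = self.new_session()
        if self.regenerate_on_login:
            # Hardened behaviour: discard the pre-login ID (which may have been
            # chosen by an attacker) and issue a fresh one only this client sees.
            del self.sessions[sid]
            sid = self.new_session()
        self.sessions[sid]["user"] = username
        return sid

    def whoami(self, sid: str):
        """What the server believes about a request carrying this cookie."""
        session = self.sessions.get(sid)
        return session["user"] if session else None


def cookie_theft_demo() -> str:
    """Attacker replays a stolen session cookie after the victim logged in."""
    server = SessionServer(regenerate_on_login=True)
    victim_sid = server.login(server.new_session(), "alice", USERS["alice"])
    # The cookie value is copied into the attacker's browser; the server sees
    # only the ID and cannot tell the two clients apart.
    stolen_sid = victim_sid
    return server.whoami(stolen_sid)


def fixation_demo(regenerate_on_login: bool) -> dict:
    """Attacker plants a server-issued ID on the victim, then reuses it."""
    server = SessionServer(regenerate_on_login=regenerate_on_login)
    attacker_sid = server.new_session()  # attacker visits the site, gets an ID
    # Victim follows the attacker's link, so their browser presents attacker_sid
    # and then logs in with it.
    victim_sid = server.login(attacker_sid, "alice", USERS["alice"])
    return {
        "attacker_sees": server.whoami(attacker_sid),
        "victim_sees": server.whoami(victim_sid),
        "id_changed": victim_sid != attacker_sid,
    }


if __name__ == "__main__":
    print("stolen cookie ->", cookie_theft_demo())
    print("fixation, no regeneration ->", fixation_demo(False))
    print("fixation, regenerate on login ->", fixation_demo(True))
```

Regenerating the ID at login defeats fixation because the ID the attacker planted no longer maps to anything once the victim authenticates. It does nothing against a cookie stolen after login, as `cookie_theft_demo` shows even with regeneration enabled; that path is addressed by keeping the cookie out of reach (TLS, the `Secure`, `HttpOnly` and `SameSite` cookie attributes) and by limiting its useful life (short expiry, invalidation on logout).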
What can the attacker do after a successful session hijack?
If the attacker is successful, they can perform any action the original user was authorized to perform. Depending on the targeted application, this could mean reading personal information, making purchases in a web store, making bank transfers, and so on.