Spamlaws Glossary

Session Hijacking

Session hijacking is the process of taking control of a web-based user session. It occurs when an intruder fraudulently obtains the session ID and masquerades as an authorized user. Once the user’s session ID has been stolen, the intruder has all the privileges of an authorized user on the network. When a website does not respond in a normal manner or does not respond at all, it is very likely that session hijacking is the cause. A user’s session ID is usually stored within a URL or a cookie file. Most communications require authentication procedures to be created and carried out in order to establish a successful connection. Session hijacking exploits this practice by intruding on a session in real time, providing much easier access to the session ID. Depending on the user’s level of security knowledge and the nature of the attack, the intrusion may or may not be detectable.
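Because the session ID lives in the URL or in a cookie, a defender can audit both places for exposure. The script below is an added example, not part of the original glossary entry; the names in SESSION_NAMES are an assumed list of common session parameters, and the shop.example URLs and cookie values are constructed sample input.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit

# Assumed list of common session identifier names; extend for your application.
SESSION_NAMES = {"phpsessid", "jsessionid", "sessionid", "session_id", "sid"}

def audit_session_exposure(url, set_cookie_headers):
    """Return findings describing where a session ID is easy to steal."""
    findings = []
    parts = urlsplit(url)
    # Session ID in the query string ends up in logs, history and Referer headers.
    for name, _ in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SESSION_NAMES:
            findings.append(f"url-query:{name}")
    # Session ID as a path parameter, e.g. /cart;jsessionid=...
    for match in re.finditer(r";([A-Za-z_]+)=", parts.path):
        if match.group(1).lower() in SESSION_NAMES:
            findings.append(f"url-path:{match.group(1)}")
    # Session cookie missing the attributes that limit theft and reuse.
    for header in set_cookie_headers:
        cookie = SimpleCookie()
        cookie.load(header)
        for name, morsel in cookie.items():
            if name.lower() not in SESSION_NAMES:
                continue
            for attr in ("secure", "httponly", "samesite"):
                if not morsel[attr]:
                    findings.append(f"cookie-no-{attr}:{name}")
    return findings

if __name__ == "__main__":
    # Constructed samples: one weak response, one hardened response.
    weak = audit_session_exposure(
        "https://shop.example/view?PHPSESSID=abc123&item=1",
        ["PHPSESSID=abc123; Path=/"],
    )
    hardened = audit_session_exposure(
        "https://shop.example/view?item=1",
        ["PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"],
    )
    print("weak:", weak)
    print("hardened:", hardened)
```

An empty result means the session ID is kept out of the URL and the cookie carries Secure, HttpOnly and SameSite.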