Methods attackers use to perpetrate a session hijack include:
The attacker uses packet sniffing to read network traffic between two parties to steal the session cookie
The attacker tricks the user's computer into running code which is treated as trustworthy
All are methods to hijack
The attacker sets a user's session ID to one known to him
Session fixation -- the attacker sets a user's session ID to one known to him, for example by sending the user an email with a link that contains a particular session ID. The attacker then only has to wait until the user logs in with that ID.
Session sidejacking -- many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once the user is authenticated. This allows an attacker who can read the network traffic to intercept all the data submitted to the server and all the web pages viewed by the client. Since this data includes the session cookie, it lets the attacker impersonate the victim even though the password itself is never compromised.[1] Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the access point.
Cross-site scripting -- the attacker tricks the user's computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the session cookie or perform other operations in the user's session.
Malware -- another method is browser hijacking, where malware steals a browser's cookie files without the user's knowledge and then performs actions as the user, again without the user's knowledge.