Session Hijacking
Table of contents
• What is Session Hijacking?
• Types of session hijacking
• How session hijacking works
• Methods of session hijacking
• Consequences of session hijacking
• Examples of session hijacking
• Tools to exploit session hijacking
• How to prevent session hijacking?
• Lab on session hijacking
• Conclusion
• References
What is Session Hijacking?
• Technique used by hackers to gain access to a target’s computer
Passive
How session hijacking works
Methods of session hijacking
• Brute force
• Session fixation
• The hacker can gain access to multiple web applications, from financial systems
• The attacker can use session hijacking cookies for identifying authenticated users in single sign-on systems (SSO)
o Hackers can get access to sensitive data and sell it on the dark web
o Hackers can demand a ransom from the user in exchange for the data
Examples of session hijacking
• Zoom-bombing
• GitLab
• Slack
Tools to exploit session hijacking
Tools
• It is important to implement appropriate security measures to prevent and detect session hijacking attacks
• Always check the URL bar when logging in to ensure that no suspicious links are present