From the course: Penetration Testing and Ethical Hacking
Session hijacking
- [Instructor] Session hijacking. In this lesson, we are going to talk about session hijacking, explaining what this type of attack is, the different attacks, variety of attacks, and the techniques. So let's go ahead and get started in learning about this devastating type of attack.

Now, before we start talking about the techniques and attack methods, let's first understand what a session hijacking is. To understand the concept of session hijacking, consider an authenticated TCP session between two hosts. It can be a user and a server. Now, an attacker, which is the third person, intercepts the session, it takes it over. When the session's authentication process is complete, the user becomes authorized to use resources such as web services, TCP communications, or whatever the intended target was. So again, this third person now has access to all that private sensitive information. So that's what a session hijacking is. It could be severe depending on the sensitivity of the data…