Session hijacking involves exploiting a valid computer session to gain unauthorized access to information or services. It is commonly used to refer to stealing HTTP cookies to authenticate as another user. There are several methods, such as sniffing network traffic to obtain session cookies or using malware to steal browser cookie files. Prevention methods include encrypting data traffic with SSL/TLS and regenerating session IDs after login.
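The two prevention methods named above, as an added example that is not part of the original page: the session ID is regenerated at login so that an ID seen before authentication is worthless afterwards, and the cookie is marked `Secure` so it is only sent over TLS. The `SessionStore` class, the cookie name `session` and the user name are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """In-memory session table: session ID -> session data (hypothetical helper)."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        """Issue an anonymous pre-login session with an unguessable ID."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def login(self, old_sid, user):
        """Move the session data to a NEW ID and invalidate the old one."""
        data = self._sessions.pop(old_sid, None) or {}
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def logout(self, sid):
        """Drop the server-side record so the ID cannot be reused."""
        self._sessions.pop(sid, None)


def session_cookie_header(sid):
    """Build the Set-Cookie value for the session ID."""
    cookie = SimpleCookie()
    cookie["session"] = sid
    cookie["session"]["secure"] = True    # never sent over plain HTTP
    cookie["session"]["httponly"] = True  # not readable from page scripts
    cookie["session"]["samesite"] = "Lax"
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


def demo():
    """Constructed walk-through: one anonymous session, then a login."""
    store = SessionStore()
    pre_login = store.create()
    post_login = store.login(pre_login, "alice")  # constructed user name
    return store, pre_login, post_login
```
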
4. will not protect against attacks such as Firesheep.
See also
ArpON
Cross-site request forgery
HTTP cookie
TCP sequence prediction attack
External links
ArpON home page (http://arpon.sourceforge.net)
Retrieved from "https://en.wikipedia.org/w/index.php?title=Session_hijacking&oldid=699125336"
This page was last modified on 10 January 2016, at 11:50.