Session Hijacking Levels

Session Hijacking can be done at two levels: 

1. Network Level 

2. Application Level

Network Level hijacking includes TCP and UDP sessions.

Application Level hijacking occurs with HTTP Sessions.

Application Level Hijacking:

Here the valid session token is stolen or predicted to take over the session. Various attacks involved here are-

Man in the middle attack: 

By using automated tools/spoofing methods the attacker splits the connection between the targets into two. One connection between the client and attacker and another one between attacker and server. Since the attacker becomes the man in the middle, all the traffic goes through him, hence he can capture the session Id.

Cross-site scripting:

Client-side vulnerabilities like XSS attacks allow an attacker to craft a malicious script to get the session Id from the application.

Using Proxy:

By setting up a proxy and causing the traffic to flow through the proxy, one can capture the session Id details.

Man-in the–Browser:

By installing a Trojan in the victim’s browser will notify the attacker the session Id.

Session Replay: 

Capturing the authentication packets by sniffing the traffic; replaying those packets after a time interval may cause the attacker to successfully login to the session of the authorized user.