Premium Resources

Session Hijacking Levels

Session Hijacking can be done at two levels:

  1. Network Level

  2. Application Level

Network Level hijacking includes TCP and UDP sessions.

Application Level hijacking occurs with HTTP Sessions.

Application Level Hijacking:

Here the valid session token is stolen or predicted to take over the session. Various attacks involved here are-

Man in the middle attack:

By using automated tools/spoofing methods the attacker splits the connection between the targets into two. One connection between the client and attacker and another one between attacker and server. Since the attacker becomes the man in the middle, all the traffic goes through him, hence he can capture the session Id.

Cross-site scripting:

Client-side vulnerabilities like XSS attacks allow an attacker to craft a malicious script to get the session Id from the application.

Using Proxy:

By setting up a proxy and causing the traffic to flow through the proxy, one can capture the session Id details.

Man-in the–Browser:

By installing a Trojan in the victim’s browser will notify the attacker the session Id.

Session Replay:

Capturing the authentication packets by sniffing the traffic; replaying those packets after a time interval may cause the attacker to successfully login to the session of the authorized user.


PMI®, PMBOK®, PMP® and PMI-ACP® are registered marks of the Project Management Institute, Inc.

The Swirl logo™ is a trade mark of AXELOS Limited.

ITIL® is a registered trade mark of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved.

PRINCE2® is a registered trade mark of AXELOS Limited, used under permission of AXELOS Limited. All rights reserved.

IASSC® is a registered trade mark of International Association for Six Sigma Certification.

Certified ScrumMaster® (CSM) is a registered trade mark of SCRUM ALLIANCE®

CISSP® is a registered mark of The International Information Systems Security Certification Consortium (ISC)2.

CCNA® is a trademark of Cisco.

Microsoft and MS Project are the registered trademarks of the Microsoft Corporation.

SAP Trademark(s) is/are the trademark(s) or registered trademark(s) of SAP SE in Germany.