2.4.5 Session Hijacking

A man-in-the-middle attack is a type of session hijacking. A session hijacking attack steals or predicts a session token in order to gain unauthorized access to a server.

A web server sends a token to the user’s browser after a successful authentication. The server then uses the token to recognize the user throughout that particular session. The attacker could steal the token if he has access to the user’s computer, or he could use an intermediary computer to capture the token.

TCP session hijacking occurs when an attacker intercepts and then controls a TCP session between a server and the user’s computer. Authentication occurs at the start of a TCP session, so once it has completed, the attacker can act unimpeded.

A popular method of session hijacking is to use source-routed IP packets, which steer the IP packets through the attacker’s device. If source routing is turned off, the attacker can use blind hijacking. In blind hijacking, the attacker sends a command to the server in order to set a password allowing access.