Session Hijack Attack  What is it? + Methods ▷ 2020

A Important security threat that exists today is computer session hijacking. It consists of intercepting the flow of data to extract information from the victim and use it for the benefit of an intruder.

It is difficult to tell if a person is being attacked through this modality. This is because the software that is installed on the computer is small and unnoticeable.

If you want to know what the symptoms of this activity are, you can read them below. We will also talk about the methods used and the best known attacks in recent years.

What is a “session hijack” and how does it work in computing?

The session hijacking, also know as Session hijacking, is a technique used by hackers to subtly take over data and confidential information of a person. These may be cookies, connection by IP, web pages, session in a modem, discussion topic in a forum and also Internet browsing.

In this way, the intruder hijacks the elements he wants to obtain his own benefit. It achieves, among other things, set unwanted user commands, perform denial of service or DDOS attack or also introduce mode advertisements pop ups when the person is browsing.

Symptoms of session hijacking How do I know if I am a victim of one?

Symptoms of session hijacking How do I know if I am a victim of one?

One of the main characteristics of session hijacking is that the program that is installed on the device is very small, so it is not easy to detect. To know if you are in the presence of a hijacking attack you will have to know some abnormal behaviors on your computer. For example, every time you surf the Internet the home page is automatically overwritten and takes you to a URL for you to make a purchase or dump your private data.

Another way to know is when you do a search and the results do not match what should be corrects. If you have to permanently close advertising windows so popups, it is a sign that you may have a session hijacking. You will also realize that you are being a victim of this situation if you cannot access platforms in which you were registered, especially in e-commerce stores and banking sites.

Regarding social networks, it is very common that the hacker has hijacked your ID when sending messages to your contacts as if you were doing it. In this way, you will quickly realize that you are becoming a victim of a session hijacking. If you have a website and you can’t access the server as you usually do, think that someone may have performed a hijacking session.

What are the methods used to perform a hijacking session?

Four methods are currently known to perform a Session hijacking. Being the most common when the attacker sends a link, by means of an email, so that the victim clicks on it so that the hacker can have access to the computer. Another method is the technique called “man in the middle”. In which the intruder intercepts data traffic to hijack session cookies.

This generates that in those sites where there is no encryption in the content, after the victim has entered the password, the attacker can impersonate the user to obtain a new password. The script on cross web pages, or “Cross site scripting” is the third method. This technique is used by attackers to be able to execute computer code on the victim’s computer.

This brings as a consequence get all kinds of information to carry out malicious operations. By last, the hijacking method is found by means of malware. These are a set of programs that are used for various purposes to silently spy on user activities. They also allow the incorporation of codes to steal session cookies so that the attacker can obtain the access codes of financial and private sites.

List of the best-known session hijacking attacks in recent years

We will show you below a list of the session hijacking attacks that occurred in recent years and that took public interest:


It was carried out at the end of 2010 using the extension “Firesheep” for the Firefox browser.. This program allowed attackers to hijack the session when the user connected to networks of Public WiFi.

This generated a great revolution of security. Social networks like Twitter or Facebook that had preferences previously established by the user, did not generate opposition to the sequestration of the cookies access to private information. Therefore, the victim who used public WiFi networks was frequently threatened until they settled down HTTPS protocols said networks.

WhatsApp Sniffer

WhatsApp Sniffer

The app store Google uploaded the tool in May 2012 WhatsApp Sniffer. Which was available for all mobiles with Android operating system and its design it allowed access to the messages of other instant messaging accounts of those users who were connected to the same WiFi network. To solve this problem WhatsApp had to change its infrastructure based on open protocol and XML by plane text.


DroidSheep was also present in Google Play Store. It is an application that is dedicated to intervene communication when there are unsafe navigation protocols, that is the HTTP. This tool made it possible to hijack the cookies start in those networks of Wifi open, with WEP and WPA2 (PSK) encryption. In this way, the attacker could remotely access devices connected on the same network to obtain session cookies and thus know all the confidential data of the victim.

Cookie Cadger


This application managed to leak private information from sites where commercial and financial transactions were carried out through apps that used HTTP GET protocols insecure. The commands were executed regardless of whether the network was wireless or wired.

His work system is make repeated requests to the browser to attack insecure HTTP GET sites. In this way, when the user enters their personal data, the attacker can hijack the login cookie to do the activities you want.

If you have any questions, leave them in the comments, we will answer you as soon as possible, and it will surely be of great help to more members of the community. Thank you! 😉

You may be interested:

Rate this post

Leave a Comment