Session Hijacking
Session Hijacking is an attack that exploits the web session control mechanism, typically utilizing a session token.
Web servers use session tokens to tell users apart and to tie together each user's requests, because a single user's HTTP traffic is spread across many separate TCP connections. After the client authenticates successfully, the web server sends a session token to the client's browser. Session tokens are usually strings of varying length and can be carried in several places: in the URL, in the HTTP request headers as a cookie, in other parts of the request headers, or even within the HTTP request body.
A Session Hijacking attack involves compromising the session token by either stealing or predicting a valid token to gain unauthorized access to the web server. Common methods of compromising session tokens include:
Predictable session tokens.
Session sniffing.
Client-side attacks (e.g., XSS, malicious JavaScript code, Trojans).
Man-in-the-middle attacks.
Man-in-the-browser attacks.
Example
Suppose you've managed to capture a session token such as "SessionID=1305951jdnk1923854y1a" using a tool like Wireshark, which intercepts network traffic. This token is what authenticates the user's session to the website or web application, so the server treats whoever presents it as that user.
To utilize this captured session token, follow these steps:
Visit the Website: Begin by navigating to the target website or web application for which the session token is valid.
Access Developer Tools: Open your browser's developer tools. You can usually do this by pressing F12 or right-clicking on the web page and selecting "Inspect" or "Inspect Element."
Create a New Cookie: In the developer tools, find the "Application" tab, often located within the developer console. Within the "Cookies" section, you can create a new cookie.
Name the Cookie: Create a new cookie with a name that matches the session token, in this case, "SessionID."
Set the Value: Set the value of the cookie to "1305951jdnk1923854y1a," which is the session token you captured.
Save the Cookie: Save the newly created cookie with the name "SessionID" and the corresponding value.
Refresh the Page: Finally, refresh the web page. The website will read the "SessionID" cookie you've just set, and if it's a valid session token, you will gain access to the associated user's session without needing to log in.
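As a defender-side counterpart to the walkthrough above, the following Python is an added example (not code from the original page) showing how a server can blunt each of the listed token-compromise methods: tokens drawn from a CSPRNG so they cannot be predicted, cookie attributes that keep the token away from sniffing and page script, and server-side expiry and revocation so a captured token has a short useful life. The SessionStore class, its method names and the hashed-key layout are hypothetical choices for this illustration.

```python
import hashlib
import secrets
import time

SESSION_COOKIE = "SessionID"

def _key(token):
    # Store only a hash: a leaked copy of the table cannot be replayed, and
    # dict-lookup timing reveals nothing about the raw token value.
    return hashlib.sha256(token.encode("ascii")).hexdigest()

class SessionStore:
    """Constructed server-side session table (hypothetical, for illustration)."""

    def __init__(self, ttl_seconds=900):
        self._sessions = {}  # sha256(token) -> (user, expiry time)
        self._ttl = ttl_seconds

    def create(self, user, now=None):
        """Issue a fresh token after login: 256 bits from the OS CSPRNG, so it
        cannot be predicted the way a short, counter-like ID can."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[_key(token)] = (user, now + self._ttl)
        return token

    def lookup(self, token, now=None):
        """Return the user bound to a presented token, or None if unknown/expired."""
        now = time.time() if now is None else now
        entry = self._sessions.get(_key(token))
        if entry is None:
            return None
        user, expiry = entry
        if now >= expiry:  # a captured token stops working once the session ages out
            self.revoke(token)
            return None
        return user

    def revoke(self, token):
        """Invalidate server-side (logout, or when misuse of a token is suspected)."""
        self._sessions.pop(_key(token), None)

def set_cookie_header(token):
    """HttpOnly keeps page script (XSS) from reading the cookie, Secure keeps it off
    clear-text connections where sniffing happens, SameSite limits cross-site sends."""
    return f"{SESSION_COOKIE}={token}; Path=/; HttpOnly; Secure; SameSite=Lax"
```

A real deployment would also rotate the token on login and privilege change, and log lookups of unknown or expired tokens, since a burst of those is a useful hijacking signal.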