Monday, September 23, 2019

Session Hijacking Essay Example | Topics and Well Written Essays - 1250 words

There are two types of attack in session hijacking: active and passive. In an active attack, the hacker identifies an active session and takes it over by forcing one member to become inactive (offline). In a passive attack, the hacker hijacks a session but remains inactive, observing the information being transmitted to and from the computers. Denial of service is a common component of these attacks, used either to crash the targeted computer or to jam its network connection.

In some instances a hybrid method of attack exists, in which the hacker either watches an active session for some time before taking over, or passively watches a session for some time before becoming active and hijacking it (Hope & Walther, 2008). Another form of the hybrid method is where the attacker watches a session and periodically introduces data into the active session with no intention of hijacking it.

In perpetrating a session hijack, four methods are used. These include session fixation, session sidejacking, and cross-site scripting. In session fixation, the attacker sets the ID of the user's session to one that is known to him. For instance, he can send the user an email containing a link that carries a particular session ID and wait for the user to log in.
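How a server closes off session fixation, as an added example that is not part of the original essay: the store below honours only IDs it issued itself and, when `rotate_on_login` is set, replaces the ID at login. The `SessionStore` class, its method names, and the user name are assumptions made for the illustration.

```python
import secrets


class SessionStore:
    """In-memory session store (hypothetical, constructed for this example)."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> {"user": name or None}

    def open(self, presented_id=None):
        """Return the id to use for an anonymous visit.

        Ids the server never issued are discarded, so a value supplied
        from outside cannot become a session just by being presented.
        """
        if presented_id in self.sessions:
            return presented_id
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        """Bind a user to a session and return the id valid afterwards."""
        if self.rotate_on_login or sid not in self.sessions:
            # Retire the pre-login id: whoever knew it now holds nothing.
            self.sessions.pop(sid, None)
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": user}
        return sid

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")


def pre_login_id_ends_up_authenticated(store):
    """True if an id that existed before login is logged in afterwards."""
    pre_login_id = store.open()          # id that someone else could know
    visit_id = store.open(pre_login_id)  # the user arrives carrying that id
    store.login(visit_id, "alice")       # "alice" is a constructed name
    return store.user_for(pre_login_id) == "alice"


if __name__ == "__main__":
    print("no rotation  :", pre_login_id_ends_up_authenticated(SessionStore(False)))
    print("with rotation:", pre_login_id_ends_up_authenticated(SessionStore(True)))
```

Without rotation the pre-login ID stays valid and becomes authenticated; with rotation it maps to no user once login completes.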
