Session hijacking can be carried out in the following ways:
1. Network Side Session Hijacking:
In network side session hijacking, an attacker sits between two communicating hosts and tries to intercept all the communication packets to obtain valid cookies and session IDs. Generally, it is done when the communication between the two hosts is TCP or UDP based.
Network side session hijacking can be done in the following ways:
- Exploiting TCP/IP Communication
- Exploiting 3-Way handshake
- Exploiting UDP Communication
- Man in the Middle Attack (MITM)
- IP Spoofing
2. Application Side Session Hijacking:
In application side session hijacking, an attacker tries to obtain the valid session IDs of the target user in order to gain access to the active session. Sometimes, due to the presence of a critical vulnerability, the attacker can even create an unauthorized new session.
Session IDs may be present in the URL of the web application, where they are reflected as the result of an HTTP GET request. The attacker also tries to intercept the valid session cookies of the target user in order to hijack the session.
Generally, brute force is used to guess session IDs: the attacker uses it to obtain the session ID of the target.
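From the defender's side, the application-level patterns above leave traces in web server logs. The following is an added example, not part of the original page: it flags session IDs exposed in URLs, one client guessing many IDs, and (going slightly beyond the text) one accepted ID used from several addresses. The log layout, parameter names and threshold are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (not from a real system).
# Assumed layout per line: client-ip method url status session-cookie
SAMPLE_LOG = """\
203.0.113.7 GET /account?sessionid=9f2c1a7e 200 -
198.51.100.4 GET /account 401 a0000001
198.51.100.4 GET /account 401 a0000002
198.51.100.4 GET /account 401 a0000003
198.51.100.4 GET /account 401 a0000004
192.0.2.10 GET /account 200 77c1d9e0
192.0.2.10 GET /orders 200 77c1d9e0
192.0.2.55 GET /orders 200 77c1d9e0
"""

SID_PARAMS = {"sessionid", "sid", "phpsessid"}  # assumed parameter names
GUESS_THRESHOLD = 3  # assumed: distinct rejected IDs from one IP before alerting


def analyze(log_text):
    """Return (ids_in_url, guessing_ips, shared_ids) found in the log."""
    ids_in_url = []               # requests that expose a session ID in the URL
    rejected = defaultdict(set)   # ip -> distinct session IDs the server rejected
    seen_from = defaultdict(set)  # accepted session ID -> client IPs presenting it
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ip, _method, url, status, sid = parts
        # Session ID carried in a GET query string ends up in logs and Referer headers.
        if any(name.lower() in SID_PARAMS for name in parse_qs(urlsplit(url).query)):
            ids_in_url.append((ip, url))
        if sid == "-":
            continue  # no session cookie sent
        if status in ("401", "403"):
            rejected[ip].add(sid)      # candidate brute-force guess
        elif status == "200":
            seen_from[sid].add(ip)     # valid session in use
    guessing_ips = sorted(ip for ip, ids in rejected.items() if len(ids) >= GUESS_THRESHOLD)
    shared_ids = sorted(s for s, ips in seen_from.items() if len(ips) > 1)
    return ids_in_url, guessing_ips, shared_ids


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A session ID seen from more than one address is only an indicator, since clients behind mobile networks or proxies change addresses legitimately.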