Type of Session Hijacking
In active session hijacking , an attacker is able to manage stealing active and valid session id of the target user. Attacker disconnects the target from the active session and takes over that active session.
Generally the attacker needs to intercept the packets and analysis them in order to get valid cookies or session id information . Before that takeover of an active session are quite complex and difficult.
In the passive session hijacking , an attacker sits between two communicating host and analyse their communication packets traffic . After getting the session id or valid cookie , attacker hijacks the session but doesn’t perform any exploit.
Attacker simply analyse all the packet communication which are going in forward request and tries to communicate using the fake identity in order to get highly sensitive information from the other side