Types of Session Hijacking: Advantages & Disadvantages

Instructor: Erik Rodriguez

Erik has experience working in Cybersecurity and has a Master's of Science in Information Systems.

In this lesson, we will discuss what session hijacking is and how this type of attack is carried out by a malicious actor. Additionally, we will review the two main types of session hijacking as well as some examples of each.

A Secret Party is Not so Secret After All

Suppose you and a friend are sending each other notes to one another in class to make plans to throw a surprise birthday party for someone. Since you both sit on opposite sides of the classroom, you create a network of classmates who are able to pass along the notes so that they reach each of you. Unbeknownst to both of you, however, a malicious classmate has managed to squeeze himself in the middle of that network. The entire time that you and your friend have been sending each other notes, this malicious classmate has been reading the messages when he receives them before sending them off to the next student. In essence, this classmate has hijacked your line of communication and now has access to every message you and your friend are sending to each other. In like manner, hackers utilize similar techniques to hijack user sessions on a network.

What is Session Hijacking?

Session hijacking refers to any attack that a hacker uses to infiltrate a legitimate user's session on a protected network. In order to accomplish this, an attacker must be able to steal a special token that is used to initiate a session. Once an attacker has initiated a session, they can access a network's resources. Ultimately, the purpose of session hijacking is to exploit vulnerabilities in network sessions in order to view or steal confidential data and use restricted network resources.

Session Hijacking Process

In order to perform session hijacking, an attacker must complete a series of steps. The session hijacking process is as follows:

  1. Reconnaissance: The first step of the session hijacking process involves the attacker scoping out their target in order to find an active session. Typically, attackers use applications like network sniffers to help them accomplish this step.
  2. Network Monitoring: In this step, the attacker will lurk on the compromised network, attempting to identify the use of any vulnerable traffic that has not been properly secured. Protocols such as FTP and HTTP are commonly known to be insecure.
  3. Determining Session ID: The next step involves the attacker determining the session ID that allows for a legitimate connection to take place. The attacker will use all the information they have gathered during the previous two steps to try and predict the session ID.
  4. Infiltration: Once the attacker has retrieved the correct session ID, the next step involves infiltrating the network and taking over, or hijacking, the user's session.

Types of Session Hijacking

The two main types of session hijacking are Application Layer Hijacking and Transport Layer Hijacking. Each type includes numerous attack types that enable a hacker to hijack a user's session.

Application Layer Hijacking

In Application Layer Hijacking, an attacker either steals or successfully predicts the session token needed in order to hijack a session. This type of session hijacking mainly occurs with sessions that utilize HTTP. Two examples of Application Layer Hijacking include Man-in-the-Middle attacks and attacks that utilize a proxy. A Man-in-the-Middle attack occurs when an attacker is able to fit himself in the communication channel between a client and a server, much like the example noted at the start of this lesson. Proxy attacks, on the other hand, occurs when an attacker causes network traffic to go through a proxy that he or she has set up, capturing the session ID in the process.

Transport Layer Hijacking

Transport Layer Hijacking occurs in TCP sessions and involves the attacker disrupting the communication channel between a client and server in such a way that data is unable to be exchanged. Thus, the attacker is able to send fraudulent data packets that appear legitimate to both the client and server, essentially taking over the session. IP spoofing is a type of attack that involves the hijacker using a forged IP address in order to appear as a trusted host. In this way, the hijacker is able to communicate freely with computers on the network. Blind Hijacking is a technique where an attacker will intercept communications during a session and send his own malicious data or commands. However, the attacker will not be able to see the responses he receives and would only be guessing as to what the client and server are responding.

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 160 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create An Account