Session Hijack Attack


What is Session Hijacking?


Session hijacking is an attack technique that steals the session ID passed between the server and the client. In other words, the attacker impersonates a real user to access the same website or web page with full control.

Many users do not know that information is transferred not only to its receiver but also to any other party on the network within the same IP network range. Normally, a user's device discards all packets that are not destined for it.

A session hijacker does not drop those packets, but reads all of them and filters them to search for the target. When the target is found, the attacker duplicates its session ID and acts as the target device, with full access to the system.

This attack is easy to carry out against a target that is accessing the system over the HTTP protocol, because all packets sent over HTTP are easy to read.

How Can I Protect Myself?

The only solution is to use an SSL / encrypted connection such as HTTPS. Many websites already use HTTPS, such as Google, Facebook, Twitter, online banking systems, etc.

If you are accessing a non-HTTPS website, you can use a VPN connection such as OpenVPN or PPTP, because your packet data flow will be encrypted and attackers cannot read it with their tools.
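
As an added example (not code from the original post), the Python check below audits Set-Cookie headers for session cookies that could cross the network unencrypted, either because the page was served over HTTP or because the cookie lacks the Secure flag. The sample responses, host names and the list of session-like cookie names are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Constructed sample responses (not captured traffic): (URL, Set-Cookie values).
SAMPLE_RESPONSES = [
    ("http://shop.example/login", ["PHPSESSID=abc123; Path=/; HttpOnly"]),
    ("https://bank.example/login", ["sid=def456; Path=/; Secure; HttpOnly"]),
    ("https://forum.example/login", ["sessionid=ghi789; Path=/", "theme=dark; Path=/"]),
]

# Assumption: substrings of cookie names that usually carry a session ID.
SESSION_NAME_HINTS = ("sess", "sid", "token", "auth")

OVER_HTTP = "set over plain HTTP: readable on the wire"
NO_SECURE = "no Secure flag: browser will also send it over HTTP"


def looks_like_session(name):
    """Heuristic: does this cookie name look like a session identifier?"""
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_NAME_HINTS)


def audit_response(url, set_cookie_values):
    """Return (cookie_name, problem) pairs for session cookies exposed to sniffing."""
    findings = []
    over_https = url.lower().startswith("https://")
    for raw in set_cookie_values:
        jar = SimpleCookie()
        jar.load(raw)  # parses name=value plus attributes such as Secure
        for name, morsel in jar.items():
            if not looks_like_session(name):
                continue  # preference cookies etc. are not the target here
            if not over_https:
                findings.append((name, OVER_HTTP))
            elif not morsel["secure"]:
                # Issued over HTTPS, but any later http:// request leaks it.
                findings.append((name, NO_SECURE))
    return findings


if __name__ == "__main__":
    for url, cookies in SAMPLE_RESPONSES:
        for name, problem in audit_response(url, cookies):
            print(f"{url}: {name}: {problem}")
```
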
