Session hijacking ( cookie hijacking or cookie side-jacking) is a cyber-attack in which attackers take over a legitimate user’s computer session to obtain their session ID and then act as that user on any number of network services. This type of attack is hazardous to application security because it allows attackers to gain unauthorized access to protected accounts under the legitimate user.
The http connection is a state less connection, the web server needs a method to recognize every user’s connections. The most useful method depends on a token that the Web Server sends to the client browser after a successful client authentication. A session token is normally composed of a string of variable width and it could be used in different ways, like in the URL, in the header of the http requisition as a cookie, in other parts of the header of the http request, or yet in the body of the http requisition. The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the Web Server. The session token could be compromised in different ways.
<SCRIPT> alert(document.cookie); </SCRIPT>
For example, attackers may distribute emails or messages with a specially crafted link pointing to a known and trusted website but containing HTTP query parameters that exploit a known vulnerability to inject script code. For an XSS attack used for session hijacking, the code might send the session key to the attacker’s own website, for instance:
This would read the current session cookie using document.cookie and send it to the attacker’s website by setting the location URL in the browser using location.href. In real life, such links may use character encoding to obfuscate the code and URL shortening services to avoid suspiciously long links. In this case, a successful attack relies on the application and web server accepting and executing unsanitized input from the HTTP request.
By using Man in the middle attack and Man in the middle browser attack intercept the information exchange between the client and the server. By this we attacker also compromise the Session veriables easily.