All About Session Hijacking

Session hijacking is the takeover of a user’s session, typically with malicious software or tools that steal the personal information saved in the cookies of the user’s session. Once the session ID stored in the cookie is obtained, the attacker can access the victim’s account as if they were the authorized user.

In session hijacking, the attacker targets HTTP cookies. Versions of HTTP before 0.9 did not have cookies; they had security problems of their own, but they were not vulnerable to session hijacking. With the introduction of cookies and supercookies, attackers found a new way to take over accounts, and the problem persists today.


Methods of Session Hijacking

There are four common methods of session hijacking.

Session Side Jacking

The hijacker captures HTTP packets sent over a wireless network and extracts the session IDs from the cookies of active users. The attacker can then access those accounts as a valid user.

Session Fixation

In session fixation, the attacker first obtains a session ID and sends it to the victim embedded in a link, for example in an email. When the victim clicks the link and logs in, the authenticated session carries the session ID the attacker already knows, so the attacker can use it to take over the account.


Malware

Malware includes many types of malicious software, such as computer viruses and Trojan horses. It reads the session cookies from the browser to steal personal or financial information. Sometimes it installs an Android app without the user’s knowledge.

Cross-site scripting

The attacker supplies script to the site, which the server stores and serves to other users as part of normal-looking pages. Because the script runs in the context of the genuine site, it can read the user’s cookie and pass it to the attacker.
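As an added example (not from the original article), here is a minimal server-side session handler showing the two defences that directly counter the methods above: issuing a fresh session ID at login so a planted ID (session fixation) is never promoted to an authenticated session, and setting the Secure, HttpOnly and SameSite flags so the cookie is not exposed to packet capture on open Wi-Fi (side jacking) or readable by injected script (XSS). The SessionStore class and helper names are assumptions for illustration, not any framework’s API.

```python
import secrets


class SessionStore:
    """Constructed in-memory session store (hypothetical, not a framework API)."""

    def __init__(self):
        self.sessions = {}  # session_id -> username

    def login(self, presented_session_id, username):
        """Authenticate and issue a brand-new session ID.

        Whatever ID the client presented (possibly planted by an attacker,
        as in session fixation) is dropped and never promoted to an
        authenticated session, so knowing it gives the attacker nothing.
        """
        self.sessions.pop(presented_session_id, None)
        new_id = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
        self.sessions[new_id] = username
        return new_id

    def user_for(self, session_id):
        """Return the user bound to session_id, or None if it is not valid."""
        return self.sessions.get(session_id)


def session_set_cookie(session_id, name="sid"):
    """Build a Set-Cookie header whose flags limit how the ID can be stolen.

    Secure   -> never sent over plain HTTP, so it is not exposed to packet
                capture on an open wireless network (session side jacking).
    HttpOnly -> not readable from JavaScript, so injected script (XSS)
                cannot read it.
    SameSite -> not attached to cross-site requests.
    """
    return f"{name}={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def parse_cookie_header(header):
    """Parse a request 'Cookie:' header into a dict (constructed helper)."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            cookies[key] = value
    return cookies
```

A login handler would call `parse_cookie_header` on the incoming request, pass the presented ID to `SessionStore.login`, and return the header from `session_set_cookie` for the new ID.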


There are several hacking tools available for session hijacking. Let’s take a look at the popular ones.



DroidSheep

DroidSheep is an Android tool developed in 2011 by Andreas Koch. It uses the session side jacking method to obtain the session IDs of active users on the same WiFi network.


This tool uses the cross-site scripting method. It is based on a PHP script that sends a link to the victim. When the user clicks the URL, the victim’s cookie is read and the account is hijacked.


Juggernaut

This tool runs on Linux-based operating systems. It watches TCP connections and hijacks the session. The attacker runs Juggernaut on the victim’s system for a few days and captures all the log files.


Firesheep

Firesheep was released as an extension for Mozilla Firefox. It reads captured cookies to obtain personal information and displays the user’s name in a sidebar in the browser. When the tool’s user clicks on the name, the session is hijacked.

WhatsApp Sniffer

This Android app intercepts the WhatsApp messages of users on the same wireless network. It only works if the other user is also using an Android phone. WhatsApp Sniffer is a lightweight app that can read and delete WhatsApp conversations.