Session hijacking
In this section, we will perform session hijacking on a target machine on our network. To perform this attack, we will combine a few other techniques to ensure that it's successful. Whenever a user visits a website, the web server sends a cookie to the web browser. The cookie is used to monitor the user's activities and provide a better user experience by tracking items in a shopping cart, maintaining persistent login while browsing other areas of a website, and so on.
Session hijacking allows an attacker or penetration tester to capture and take over (hijack) another user's sessions while the victim is logged into a website. Session hijacking allows the penetration tester to capture the session token/key, which is then ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access