GLOSSARY
Session hijacking is a cyberattack in which an attacker takes control of a user’s web session by exploiting the web session control mechanism. A session hijacking attack is also known as TCP session hijacking. The attack compromises the web session by stealing or predicting a valid session token, enabling the attacker to gain unauthorized access to the web server. The most common methods by which a session token can be compromised include predictable session tokens, session sniffing, client-side attacks, man-in-the-middle attacks, and man-in-the-browser attacks.
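The server-side defenses against the token-compromise methods listed above, as an added example that is not part of the original glossary entry: unpredictable tokens, cookie attributes that limit sniffing and script access, and an idle timeout. The `SessionStore` class, the `sid` cookie name and the 900-second timeout are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 900  # seconds; assumed policy value, not from the glossary


def weak_token(user_id, counter):
    # Predictable scheme shown for contrast: seeing one token reveals its neighbours.
    return f"{user_id}-{counter}"


class SessionStore:
    """Hypothetical in-memory session store, for illustration only."""

    def __init__(self):
        self._sessions = {}  # token -> (user, last_seen)

    def issue(self, user, now=None):
        # 32 bytes (256 bits) from the OS CSPRNG: not guessable from other tokens.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, now if now is not None else time.time())
        return token

    def validate(self, presented, now=None):
        now = now if now is not None else time.time()
        entry = self._sessions.get(presented)
        if entry is None:
            return None
        user, last_seen = entry
        if now - last_seen > IDLE_TIMEOUT:
            del self._sessions[presented]  # an expired token is dead for any holder
            return None
        self._sessions[presented] = (user, now)  # sliding idle window
        return user

    def revoke(self, token):
        self._sessions.pop(token, None)  # call on logout


def session_cookie(token):
    cookie = SimpleCookie()
    cookie["sid"] = token
    cookie["sid"]["secure"] = True        # never sent over plain HTTP (sniffing, MITM)
    cookie["sid"]["httponly"] = True      # not readable by page script (client-side attacks)
    cookie["sid"]["samesite"] = "Strict"  # not attached to cross-site requests
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()
```
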