• What Exactly is Session Hijacking in Hacking [Tutorial]

    by  • June 14, 2011 • Student Series • 1 Comment

    Session hijacking is widely used method by hackers for temporarily stealing network connections or login sessions. You might have heard this term used a lot by hackers & some of you have emailed me to explain it in brief.

    So this post will explain you what exactly is session hijacking & I have written another one for hacking wireless hotspot using session hijacking step by step for understanding the concept.

    What is Session

    We see lot of Wireless network services offering us to use Wi Fi based on pay per use model – where you have to pay for usage and it costs really high but gives you high speed connectivity.

    Evry user that pays for the service get connected. A unique MAC address of his laptop/netbook is stored in Service providers database for every paid user. Every time he gets connected to the paid network it creates a session and Session ID.

    Every other user do not having authenticated MAC address and Session gets no connectivity. So this unique connection between user & wireless connectivity provider is session.

    Black hat hackers have been using this technique from a long time to get unauthorized access to Paid Wi Fi network.

    What is Session Stealing

    In session hijacking we create a fake MAC address on our network interface & replace it with original one that we have by using MAC changer utility. And the fake MAC address that we are using is of certain user who is on the network &has already paid the wireless network usage.

    So we spoof the MAC address & let network determine us through his MAC address as authenticated user. This is what we call Session Stealing or Hijacking.

    Check out this cool article on how you can bypass the Wi Fi Hotspot Access Control by Session Stealing

     

     

     

     

    About

    Author is a Tech blogger & loves to share his work on web by writing guidelines for Ethical Hacking students & Security professionals. Performing various types of hacking from pen test to smartphone hacking – He enjoys hacking just for personal research purpose. Working with more of 'grey as well as black hat' hackers for learning advanced hacking as well as defending techniques & share them with learners. His prime area of research is Cyber Criminals & currently working on a Video Product Development to teach hacking & Pen Testing for absolute beginners.

    http://www.hackersenigma.com