{"id":6566,"date":"2019-01-31T18:35:56","date_gmt":"2019-01-31T13:05:56","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=6566"},"modified":"2020-09-08T13:11:39","modified_gmt":"2020-09-08T07:41:39","slug":"session-hijacking","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/session-hijacking\/","title":{"rendered":"What is Session Hijacking Attack and how to prevent them?"},"content":{"rendered":"<div itemscope itemtype=\"http:\/\/schema.org\/ImageObject\"><meta itemprop=\"name\" content=\"Session Hijacking\"><img decoding=\"async\" src=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2019\/01\/Session-Hijacking.jpg\" class=\"img-responsive\" alt=\"Session Hijacking\" itemprop=\"contentUrl\"\/><meta itemprop=\"datePublished\" content=\"2019-01-31\"><meta itemprop=\"description\" content=\"Session Hijacking is a web attack performed by a hacker to steal confidential data of the user and is also known as cookie hijacking.\"><\/div>\n<p>Session hijacking is a web attack carried out by a cybercriminal to steal valuable data or information. It relies on how computer sessions work: the cybercriminal makes use of an active session. To understand how a session attack happens, it is important to know what a session is and how it works.<\/p>\n<h2>What is a Session?<\/h2>\n<p>In the online landscape, the term &#8220;session&#8221; refers to the period of temporary interaction between a user and a website, or between two computer systems. Simply put, the time between log-in and log-off during the operation of an account is termed a session. 
A session is therefore considered valid until the interaction\/connection ends.<\/p>\n<h2>How Does Session Hijacking Happen?<\/h2>\n<p>An attacker makes use of an active session to place himself between the connected computers, or between the website and the user, by impersonating the user with a \u201cmagic cookie\u201d or a token from the user&#8217;s browser. By doing so, the attacker gains access to information without revealing his identity to either endpoint. Once inside the session, the intruder monitors and attempts to capture everything from the online user&#8217;s account. After taking control of the session, the attacker is in full control and can intercept, send and receive information without the knowledge of the sender and receiver. The intrusion may or may not be detectable.<\/p>\n<p>In technical terms, HTTP communication uses many TCP connections, so the server needs an appropriate and unique method to identify every user\u2019s connections. The method that best fits this need is an authentication process; once it is concluded, the server forwards a token to the client browser.<\/p>\n<p>The token has a variable width and can be used in different ways: as a cookie in the header of the HTTP request, in other parts of the header of the HTTP request, in the body of the HTTP request, or in the URL. The online criminal exploits the session token by stealing or predicting a valid session token to obtain unauthorized access to the web server. The session token can be compromised in different ways.<\/p>\n<p>Session Hijacking is also known as Cookie Hijacking, and the session is sometimes also called a session key. Session Hijacking happens in two ways:<\/p>\n<h2>Types Of Session Hijacking<\/h2>\n<p><strong>Session Sniffing<\/strong><\/p>\n<p>As explained above, tokens help the online intruder invade a valid session, so the online intruder first obtains the session id. 
Packet sniffing, also known as sniffing, is used to get the session id. Once this is accomplished, the online attacker gets to invade the full session and gain access to the web server.<\/p>\n<p><strong>The Cross-Site Script Attack<\/strong><\/p>\n<p>The cross-site script attack is the easiest method for an online criminal to obtain a session id without running any malicious scripts or code from the client end. The victim is targeted indirectly: the online criminal compromises the grey areas on the website and uses them to deliver a malicious script to the victim\u2019s browser.<\/p>\n<p><strong>Precautionary Methods to Evade Session Hijacking<\/strong><\/p>\n<p>Usually, a session hijacker steals the session id by injecting malicious code into the client website. Therefore, it is necessary to enable <a href=\"https:\/\/antivirus.comodo.com\/virus-protection.php\" rel=\"noopener\" target=\"_blank\">virus protection<\/a> on the client side. A few precautionary methods will help you steer clear of falling victim to session hijacking attacks. Install a powerful antivirus, as it helps a lot to evade the danger. If you already have an <a href=\"https:\/\/antivirus.comodo.com\/\" rel=\"noopener\" target=\"_blank\">antivirus program<\/a> installed on your system, remember to keep the existing software up to date.<\/p>\n<p><strong>Comodo Antivirus<\/strong><\/p>\n<p>Comodo antivirus is a useful AV-Tested virus protection software. Like other antivirus software, Comodo antivirus provides robust protection against virus and malware threats. Comodo scores high on the list for its Defense+ technology, which automatically defends against unknown files by assuming that they are a threat to the PC. The unknown files are segregated and run in real time in a containment environment before the good are sorted from the bad. It is compatible with Windows 10, Windows 8, Windows 7 and Windows Vista. 
Session Hijacking attacks can easily be evaded if Comodo antivirus is installed on your computer!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Session hijacking is a web attack carried out by a cybercriminal to steal valuable data or information. It works based on the principle of computer sessions and the cybercriminals makes use of the active sessions. In order to better understand how a session attack happens, it is important to know what is a session and [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":6576,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[9,153,238],"class_list":["post-6566","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-comodo-news","tag-antivirus","tag-best-antivirus","tag-browser-hijacking"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What is Session Hijacking? | How to Prevent Session Hijack Attack<\/title>\n<meta name=\"description\" content=\"Session Hijacking is a web attack carried out by the hacker to steal confidential data of the user. 
Prevent session hijacking attacks using antivirus.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/session-hijacking\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is Session Hijacking? | How to Prevent Session Hijack Attack\" \/>\n<meta property=\"og:description\" content=\"Session Hijacking is a web attack carried out by the hacker to steal confidential data of the user. Prevent session hijacking attacks using antivirus.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/session-hijacking\/\" \/>\n<meta property=\"og:site_name\" content=\"Comodo Antivirus Blogs | Anti-Virus Software Updates\" \/>\n<meta property=\"article:published_time\" content=\"2019-01-31T13:05:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-09-08T07:41:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2019\/01\/What-is-Session-Hijacking.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"225\" \/>\n\t<meta property=\"og:image:height\" content=\"170\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"seo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"seo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/session-hijacking\/\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/session-hijacking\/\",\"name\":\"What is Session Hijacking? | How to Prevent Session Hijack Attack\",\"isPartOf\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/session-hijacking\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/session-hijacking\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2019\/01\/What-is-Session-Hijacking.jpg\",\"datePublished\":\"2019-01-31T13:05:56+00:00\",\"dateModified\":\"2020-09-08T07:41:39+00:00\",\"author\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\"},\"description\":\"Session Hijacking is a web attack carried out by the hacker to steal confidential data of the user. 
Prevent session hijacking attacks using antivirus.\",\"breadcrumb\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/session-hijacking\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/session-hijacking\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/session-hijacking\/#primaryimage\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2019\/01\/What-is-Session-Hijacking.jpg\",\"contentUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2019\/01\/What-is-Session-Hijacking.jpg\",\"width\":225,\"height\":170},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/session-hijacking\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/antivirus.comodo.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What is Session Hijacking Attack and how to prevent them?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/\",\"name\":\"Comodo Antivirus Blogs | Anti-Virus Software 
Updates\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\",\"name\":\"seo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"caption\":\"seo\"},\"url\":\"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/6566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/comments?post=6566"}],"version-history":[{"count":13,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/6566\/revisions"}],"predecessor-version":[{"id":15357,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/6566\/revisions\/15357"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media\/6576"}],"wp:attachment":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media?parent=6566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/categories?post=6566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/tags?post=6566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}