Indonitahost.com News

Understanding Session Hijacking

In most pirate movies, an unprepared ship is overtaken by a crew of pirates. This hijacking happens as the ship is en route to its destination with its cargo as it has probably done many times before. Session hijacking is similar to pirates taking over a cargo ship. You hijack an existing session of a host en route to your target. The target has no idea that the session has been hijacked and grants you permission as if you were an authorized host.

Session hijacking is the attempt to overtake an already active session between two hosts. This is different from IP spoofing, in which you spoof an IP address or MAC address of another host. With IP spoofing, you still need to authenticate to the target. With session hijacking, you take over an already-authenticated host as it communicates with the target. You will probably spoof the IP address or MAC address of the host, but session hijacking involves more than just spoofing. Session hijacking is attractive to malicious hackers because the host that is being hijacked is already authenticated to the target. Therefore, the malicious hacker does not need to waste time performing password cracking. It does not matter how secure the process of authentication is because most systems send clear text communication after they are authenticated. This makes most computers vulnerable to this type of attack.

Session hijacking attacks are one of two types:

Active – You find an active session and take it over to compromise your target. This is the type of hijacking discussed in this chapter because it is more difficult than passive hijacking.

Passive – This is when you hijack a session and record all traffic that is being sent between the target and the host. Active hijacking always begins with performing a passive hijacking attack.

