Staff of EC-Council - Ethical Hacking Student Courseware. Certified Ethical Hacker-Exam 312-50 (EC-Council E-Business Certification Series)
Recap
- In session hijacking, the attacker relies on the legitimate user to connect and authenticate, and then takes over the session.
- In a spoofing attack, the attacker pretends to be another user or machine to gain access.
- Successful session hijacking is extremely difficult and only possible when a number of factors are under the attacker's control.
- Session hijacking can be active or passive in nature, depending on the degree of involvement of the attacker in the attack.
- A variety of tools exist to aid the attacker in perpetrating a session hijack.
- Session hijacking could be very dangerous, and there is a need to implement strict countermeasures.