Explore session hijacking, including the impacts of successful attacks, how to conduct an attack, attack types, and possible mitigation strategies.
Certified Ethical Hacker - CEHv10: Session Hijacking
- describe the possible impact of a successful session hijacking attack, conduct a session replay attack by sniffing session tokens, and deploy a cross-site scripting (XSS) attack
- describe token prediction, Cross-Site Request Forgery (CSRF/XSRF), session fixation, and Man-in-the-Browser attacks
- demonstrate network-layer session hijacking and describe the possible mitigation strategies