[ Certified Ethical Hacker v10 ] :: [ Chapter 10 cont’d] :: Session Hijacking

This entry is part 21 of 30 in the series [ Certified Ethical Hacker Training ]

Chapter 10 cont’d: Session Hijacking

First, read this Infosec Institute Session Hijacking Cheat Sheet:


Note session hijacking, session sidejacking and session fixation.

 Spoofing vs. Hijacking

Be sure to recognize the difference between just lying about your IP address, and actually taking over a running user session.

How do you get a session ID?

Brute-forcing a Session ID

Stealing a Session ID

Calculating/Cracking an ID

Cracking a Session ID

OWASP’s Discussion of Session Hijacking:


See my page [ Auditing With OWASP ] :: [ Vulnerability A7: Cross-Site Scripting XSS ]:


Windows sessions are subject to an SMB Relay attack:




Cain & Abel

Series Navigation<< [ Certified Ethical Hacker v10 ] :: [ Chapter 10 cont’d] :: Buffer Overflow[ Certified Ethical Hacker v10 ] :: [ Chapter 11 ] :: Cryptography >>