Chapter 6. Understanding and Attempting Session Hijacking

Will Turner: We’re going to steal a ship? That ship?

Jack Sparrow: Commandeer. We’re going to commandeer that ship. Nautical term.

—Pirates of the Caribbean: The Curse of the Black Pearl (2003, Disney/Jerry Bruckheimer Inc.)

In most pirate movies, an unprepared ship is overtaken by a crew of pirates. This hijacking happens while the ship is en route to its destination with its cargo, as it has probably done many times before.

Session hijacking is similar to pirates taking over a cargo ship. You hijack an existing session of a host en route to your target. The target has no idea that the session has been hijacked and grants you permission as if you were an authorized host.

In Chapter 5, “
