CINXE.COM

<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Session hijacking - Wikipedia</title> <script>(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available";var cookie=document.cookie.match(/(?:^|; )enwikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy", "wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgRequestId":"bd8170b4-dabe-42cf-afe6-b80ab5a97856","wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"Session_hijacking","wgTitle":"Session hijacking","wgCurRevisionId":1260147493,"wgRevisionId":1260147493,"wgArticleId":4456726,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["Articles with short description","Short description is different from Wikidata","Articles needing additional references from June 2010","All articles needing additional references","All articles with failed verification","Articles with failed verification from August 2024","Web security exploits"],"wgPageViewLanguage":"en","wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgRelevantPageName":"Session_hijacking","wgRelevantArticleId":4456726,"wgIsProbablyEditable": true,"wgRelevantPageIsProbablyEditable":true,"wgRestrictionEdit":[],"wgRestrictionMove":[],"wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":false,"wgFlaggedRevsParams":{"tags":{"status":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true,"wgPopupsFlags":0,"wgVisualEditor":{"pageLanguageCode":"en","pageLanguageDir":"ltr","pageVariantFallbacks":"en"},"wgMFDisplayWikibaseDescriptions":{"search":true,"watchlist":true,"tagline":false,"nearby":true},"wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":20000,"wgRelatedArticlesCompat":[],"wgEditSubmitButtonLabelPublish":true,"wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":false,"wgVector2022LanguageInHeader":true,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q638079","wgCheckUserClientHintsHeadersJsApi":["brands","architecture","bitness","fullVersionList","mobile","model","platform","platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true, "wgGETopicsMatchModeEnabled":false,"wgGEStructuredTaskRejectionReasonTextInputEnabled":false,"wgGELevelingUpEnabledForUser":false};RLSTATE={"ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.cite.styles":"ready","skins.vector.search.codex.styles":"ready","skins.vector.styles":"ready","skins.vector.icons":"ready","ext.wikimediamessages.styles":"ready","ext.visualEditor.desktopArticleTarget.noscript":"ready","ext.uls.interlanguage":"ready","wikibase.client.init":"ready","ext.wikimediaBadges":"ready"};RLPAGEMODULES=["ext.cite.ux-enhancements","site","mediawiki.page.ready","mediawiki.toc","skins.vector.js","ext.centralNotice.geoIP","ext.centralNotice.startUp","ext.gadget.ReferenceTooltips","ext.gadget.switcher","ext.urlShortener.toolbar","ext.centralauth.centralautologin","mmv.bootstrap","ext.popups","ext.visualEditor.desktopArticleTarget.init","ext.visualEditor.targetLoader", "ext.echo.centralauth","ext.eventLogging","ext.wikimediaEvents","ext.navigationTiming","ext.uls.interface","ext.cx.eventlogging.campaigns","ext.cx.uls.quick.actions","wikibase.client.vector-2022","ext.checkUser.clientHints","ext.growthExperiments.SuggestedEditSession","wikibase.sidebar.tracking"];</script> <script>(RLQ=window.RLQ||[]).push(function(){mw.loader.impl(function(){return["user.options@12s5i",function($,jQuery,require,module){mw.user.tokens.set({"patrolToken":"+\\","watchToken":"+\\","csrfToken":"+\\"}); }];});});</script> <link rel="stylesheet" href="/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022"> <script async="" src="/w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022"></script> <meta name="ResourceLoaderDynamicStyles" content=""> <link rel="stylesheet" href="/w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022"> <meta name="generator" content="MediaWiki 1.44.0-wmf.5"> <meta name="referrer" content="origin"> <meta name="referrer" content="origin-when-cross-origin"> <meta name="robots" content="max-image-preview:standard"> <meta name="format-detection" content="telephone=no"> <meta name="viewport" content="width=1120"> <meta property="og:title" content="Session hijacking - Wikipedia"> <meta property="og:type" content="website"> <link rel="preconnect" href="//upload.wikimedia.org"> <link rel="alternate" media="only screen and (max-width: 640px)" href="//en.m.wikipedia.org/wiki/Session_hijacking"> <link rel="alternate" type="application/x-wiki" title="Edit this page" href="/w/index.php?title=Session_hijacking&action=edit"> <link rel="apple-touch-icon" href="/static/apple-touch/wikipedia.png"> <link rel="icon" href="/static/favicon/wikipedia.ico"> <link rel="search" type="application/opensearchdescription+xml" href="/w/rest.php/v1/search" title="Wikipedia (en)"> <link rel="EditURI" type="application/rsd+xml" href="//en.wikipedia.org/w/api.php?action=rsd"> <link rel="canonical" href="https://en.wikipedia.org/wiki/Session_hijacking"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> <link rel="alternate" type="application/atom+xml" title="Wikipedia Atom feed" href="/w/index.php?title=Special:RecentChanges&feed=atom"> <link rel="dns-prefetch" href="//meta.wikimedia.org" /> <link rel="dns-prefetch" href="//login.wikimedia.org"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-Session_hijacking rootpage-Session_hijacking skin-vector-2022 action-view"><a class="mw-jump-link" href="#bodyContent">Jump to content</a> <div class="vector-header-container"> <header class="vector-header mw-header"> <div class="vector-header-start"> <nav class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-dropdown" class="vector-dropdown vector-main-menu-dropdown vector-button-flush-left vector-button-flush-right" > <input type="checkbox" id="vector-main-menu-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-main-menu-dropdown" class="vector-dropdown-checkbox " aria-label="Main menu" > <label id="vector-main-menu-dropdown-label" for="vector-main-menu-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-menu mw-ui-icon-wikimedia-menu"></span> <span class="vector-dropdown-label-text">Main menu</span> </label> <div class="vector-dropdown-content"> <div id="vector-main-menu-unpinned-container" class="vector-unpinned-container"> <div id="vector-main-menu" class="vector-main-menu vector-pinnable-element"> <div class="vector-pinnable-header vector-main-menu-pinnable-header vector-pinnable-header-unpinned" data-feature-name="main-menu-pinned" data-pinnable-element-id="vector-main-menu" data-pinned-container-id="vector-main-menu-pinned-container" data-unpinned-container-id="vector-main-menu-unpinned-container" > <div class="vector-pinnable-header-label">Main menu</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-main-menu.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-main-menu.unpin">hide</button> </div> <div id="p-navigation" class="vector-menu mw-portlet mw-portlet-navigation" > <div class="vector-menu-heading"> Navigation </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-mainpage-description" class="mw-list-item"><a href="/wiki/Main_Page" title="Visit the main page [z]" accesskey="z"><span>Main page</span></a></li><li id="n-contents" class="mw-list-item"><a href="/wiki/Wikipedia:Contents" title="Guides to browsing Wikipedia"><span>Contents</span></a></li><li id="n-currentevents" class="mw-list-item"><a href="/wiki/Portal:Current_events" title="Articles related to current events"><span>Current events</span></a></li><li id="n-randompage" class="mw-list-item"><a href="/wiki/Special:Random" title="Visit a randomly selected article [x]" accesskey="x"><span>Random article</span></a></li><li id="n-aboutsite" class="mw-list-item"><a href="/wiki/Wikipedia:About" title="Learn about Wikipedia and how it works"><span>About Wikipedia</span></a></li><li id="n-contactpage" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us" title="How to contact Wikipedia"><span>Contact us</span></a></li> </ul> </div> </div> <div id="p-interaction" class="vector-menu mw-portlet mw-portlet-interaction" > <div class="vector-menu-heading"> Contribute </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-help" class="mw-list-item"><a href="/wiki/Help:Contents" title="Guidance on how to use and edit Wikipedia"><span>Help</span></a></li><li id="n-introduction" class="mw-list-item"><a href="/wiki/Help:Introduction" title="Learn how to edit Wikipedia"><span>Learn to edit</span></a></li><li id="n-portal" class="mw-list-item"><a href="/wiki/Wikipedia:Community_portal" title="The hub for editors"><span>Community portal</span></a></li><li id="n-recentchanges" class="mw-list-item"><a href="/wiki/Special:RecentChanges" title="A list of recent changes to Wikipedia [r]" accesskey="r"><span>Recent changes</span></a></li><li id="n-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_upload_wizard" title="Add images or other media for use on Wikipedia"><span>Upload file</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> <a href="/wiki/Main_Page" class="mw-logo"> <img class="mw-logo-icon" src="/static/images/icons/wikipedia.png" alt="" aria-hidden="true" height="50" width="50"> <span class="mw-logo-container skin-invert"> <img class="mw-logo-wordmark" alt="Wikipedia" src="/static/images/mobile/copyright/wikipedia-wordmark-en.svg" style="width: 7.5em; height: 1.125em;"> <img class="mw-logo-tagline" alt="The Free Encyclopedia" src="/static/images/mobile/copyright/wikipedia-tagline-en.svg" width="117" height="13" style="width: 7.3125em; height: 0.8125em;"> </span> </a> </div> <div class="vector-header-end"> <div id="p-search" role="search" class="vector-search-box-vue vector-search-box-collapses vector-search-box-show-thumbnail vector-search-box-auto-expand-width vector-search-box"> <a href="/wiki/Special:Search" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only search-toggle" title="Search Wikipedia [f]" accesskey="f"><span class="vector-icon mw-ui-icon-search mw-ui-icon-wikimedia-search"></span> <span>Search</span> </a> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail cdx-typeahead-search--auto-expand-width"> <form action="/w/index.php" id="searchform" class="cdx-search-input cdx-search-input--has-end-button"> <div id="simpleSearch" class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia" aria-label="Search Wikipedia" autocapitalize="sentences" title="Search Wikipedia [f]" accesskey="f" id="searchInput" > <span class="cdx-text-input__icon cdx-text-input__start-icon"></span> </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <nav class="vector-user-links vector-user-links-wide" aria-label="Personal tools"> <div class="vector-user-links-main"> <div id="p-vector-user-menu-preferences" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-userpage" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-dropdown" class="vector-dropdown " title="Change the appearance of the page's font size, width, and color" > <input type="checkbox" id="vector-appearance-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-appearance-dropdown" class="vector-dropdown-checkbox " aria-label="Appearance" > <label id="vector-appearance-dropdown-label" for="vector-appearance-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-appearance mw-ui-icon-wikimedia-appearance"></span> <span class="vector-dropdown-label-text">Appearance</span> </label> <div class="vector-dropdown-content"> <div id="vector-appearance-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div id="p-vector-user-menu-notifications" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-overflow" class="vector-menu mw-portlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en" class=""><span>Donate</span></a> </li> <li id="pt-createaccount-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:CreateAccount&returnto=Session+hijacking" title="You are encouraged to create an account and log in; however, it is not mandatory" class=""><span>Create account</span></a> </li> <li id="pt-login-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:UserLogin&returnto=Session+hijacking" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o" class=""><span>Log in</span></a> </li> </ul> </div> </div> </div> <div id="vector-user-links-dropdown" class="vector-dropdown vector-user-menu vector-button-flush-right vector-user-menu-logged-out" title="Log in and more options" > <input type="checkbox" id="vector-user-links-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-user-links-dropdown" class="vector-dropdown-checkbox " aria-label="Personal tools" > <label id="vector-user-links-dropdown-label" for="vector-user-links-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-ellipsis mw-ui-icon-wikimedia-ellipsis"></span> <span class="vector-dropdown-label-text">Personal tools</span> </label> <div class="vector-dropdown-content"> <div id="p-personal" class="vector-menu mw-portlet mw-portlet-personal user-links-collapsible-item" title="User menu" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport" class="user-links-collapsible-item mw-list-item"><a href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en"><span>Donate</span></a></li><li id="pt-createaccount" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:CreateAccount&returnto=Session+hijacking" title="You are encouraged to create an account and log in; however, it is not mandatory"><span class="vector-icon mw-ui-icon-userAdd mw-ui-icon-wikimedia-userAdd"></span> <span>Create account</span></a></li><li id="pt-login" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:UserLogin&returnto=Session+hijacking" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o"><span class="vector-icon mw-ui-icon-logIn mw-ui-icon-wikimedia-logIn"></span> <span>Log in</span></a></li> </ul> </div> </div> <div id="p-user-menu-anon-editor" class="vector-menu mw-portlet mw-portlet-user-menu-anon-editor" > <div class="vector-menu-heading"> Pages for logged out editors <a href="/wiki/Help:Introduction" aria-label="Learn more about editing"><span>learn more</span></a> </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-anoncontribs" class="mw-list-item"><a href="/wiki/Special:MyContributions" title="A list of edits made from this IP address [y]" accesskey="y"><span>Contributions</span></a></li><li id="pt-anontalk" class="mw-list-item"><a href="/wiki/Special:MyTalk" title="Discussion about edits from this IP address [n]" accesskey="n"><span>Talk</span></a></li> </ul> </div> </div> </div> </div> </nav> </div> </header> </div> <div class="mw-page-container"> <div class="mw-page-container-inner"> <div class="vector-sitenotice-container"> <div id="siteNotice"></div> </div> <div class="vector-column-start"> <div class="vector-main-menu-container"> <div id="mw-navigation"> <nav id="mw-panel" class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-pinned-container" class="vector-pinned-container"> </div> </nav> </div> </div> <div class="vector-sticky-pinned-container"> <nav id="mw-panel-toc" aria-label="Contents" data-event-name="ui.sidebar-toc" class="mw-table-of-contents-container vector-toc-landmark"> <div id="vector-toc-pinned-container" class="vector-pinned-container"> <div id="vector-toc" class="vector-toc vector-pinnable-element"> <div class="vector-pinnable-header vector-toc-pinnable-header vector-pinnable-header-pinned" data-feature-name="toc-pinned" data-pinnable-element-id="vector-toc" > <h2 class="vector-pinnable-header-label">Contents</h2> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-toc.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-toc.unpin">hide</button> </div> <ul class="vector-toc-contents" id="mw-panel-toc-list"> <li id="toc-mw-content-text" class="vector-toc-list-item vector-toc-level-1"> <a href="#" class="vector-toc-link"> <div class="vector-toc-text">(Top)</div> </a> </li> <li id="toc-History_of_HTTP" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#History_of_HTTP"> <div class="vector-toc-text"> <span class="vector-toc-numb">1</span> <span>History of HTTP</span> </div> </a> <ul id="toc-History_of_HTTP-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Methods" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Methods"> <div class="vector-toc-text"> <span class="vector-toc-numb">2</span> <span>Methods</span> </div> </a> <ul id="toc-Methods-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Exploits" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Exploits"> <div class="vector-toc-text"> <span class="vector-toc-numb">3</span> <span>Exploits</span> </div> </a> <button aria-controls="toc-Exploits-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> <span class="vector-icon mw-ui-icon-wikimedia-expand"></span> <span>Toggle Exploits subsection</span> </button> <ul id="toc-Exploits-sublist" class="vector-toc-list"> <li id="toc-Firesheep" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Firesheep"> <div class="vector-toc-text"> <span class="vector-toc-numb">3.1</span> <span>Firesheep</span> </div> </a> <ul id="toc-Firesheep-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-DroidSheep" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#DroidSheep"> <div class="vector-toc-text"> <span class="vector-toc-numb">3.2</span> <span>DroidSheep</span> </div> </a> <ul id="toc-DroidSheep-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-CookieCadger" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#CookieCadger"> <div class="vector-toc-text"> <span class="vector-toc-numb">3.3</span> <span>CookieCadger</span> </div> </a> <ul id="toc-CookieCadger-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-CookieMonster" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#CookieMonster"> <div class="vector-toc-text"> <span class="vector-toc-numb">3.4</span> <span>CookieMonster</span> </div> </a> <ul id="toc-CookieMonster-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Prevention" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Prevention"> <div class="vector-toc-text"> <span class="vector-toc-numb">4</span> <span>Prevention</span> </div> </a> <ul id="toc-Prevention-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-See_also" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#See_also"> <div class="vector-toc-text"> <span class="vector-toc-numb">5</span> <span>See also</span> </div> </a> <ul id="toc-See_also-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-References" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#References"> <div class="vector-toc-text"> <span class="vector-toc-numb">6</span> <span>References</span> </div> </a> <ul id="toc-References-sublist" class="vector-toc-list"> </ul> </li> </ul> </div> </div> </nav> </div> </div> <div class="mw-content-container"> <main id="content" class="mw-body"> <header class="mw-body-header vector-page-titlebar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-page-titlebar-toc" class="vector-dropdown vector-page-titlebar-toc vector-button-flush-left" > <input type="checkbox" id="vector-page-titlebar-toc-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-titlebar-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-page-titlebar-toc-label" for="vector-page-titlebar-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-listBullet mw-ui-icon-wikimedia-listBullet"></span> <span class="vector-dropdown-label-text">Toggle the table of contents</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-titlebar-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <h1 id="firstHeading" class="firstHeading mw-first-heading"><span class="mw-page-title-main">Session hijacking</span></h1> <div id="p-lang-btn" class="vector-dropdown mw-portlet mw-portlet-lang" > <input type="checkbox" id="p-lang-btn-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-p-lang-btn" class="vector-dropdown-checkbox mw-interlanguage-selector" aria-label="Go to an article in another language. Available in 19 languages" > <label id="p-lang-btn-label" for="p-lang-btn-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive mw-portlet-lang-heading-19" aria-hidden="true" ><span class="vector-icon mw-ui-icon-language-progressive mw-ui-icon-wikimedia-language-progressive"></span> <span class="vector-dropdown-label-text">19 languages</span> </label> <div class="vector-dropdown-content"> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="interlanguage-link interwiki-ar mw-list-item"><a href="https://ar.wikipedia.org/wiki/%D8%A7%D8%B3%D8%AA%D8%BA%D9%84%D8%A7%D9%84_%D8%AC%D9%84%D8%B3%D8%A9" title="استغلال جلسة – Arabic" lang="ar" hreflang="ar" data-title="استغلال جلسة" data-language-autonym="العربية" data-language-local-name="Arabic" class="interlanguage-link-target"><span>العربية</span></a></li><li class="interlanguage-link interwiki-az mw-list-item"><a href="https://az.wikipedia.org/wiki/Session_hijacking" title="Session hijacking – Azerbaijani" lang="az" hreflang="az" data-title="Session hijacking" data-language-autonym="Azərbaycanca" data-language-local-name="Azerbaijani" class="interlanguage-link-target"><span>Azərbaycanca</span></a></li><li class="interlanguage-link interwiki-ca mw-list-item"><a href="https://ca.wikipedia.org/wiki/Segrest_de_sessi%C3%B3" title="Segrest de sessió – Catalan" lang="ca" hreflang="ca" data-title="Segrest de sessió" data-language-autonym="Català" data-language-local-name="Catalan" class="interlanguage-link-target"><span>Català</span></a></li><li class="interlanguage-link interwiki-cs mw-list-item"><a href="https://cs.wikipedia.org/wiki/%C3%9Anos_spojen%C3%AD" title="Únos spojení – Czech" lang="cs" hreflang="cs" data-title="Únos spojení" data-language-autonym="Čeština" data-language-local-name="Czech" class="interlanguage-link-target"><span>Čeština</span></a></li><li class="interlanguage-link interwiki-de mw-list-item"><a href="https://de.wikipedia.org/wiki/Session_Hijacking" title="Session Hijacking – German" lang="de" hreflang="de" data-title="Session Hijacking" data-language-autonym="Deutsch" data-language-local-name="German" class="interlanguage-link-target"><span>Deutsch</span></a></li><li class="interlanguage-link interwiki-es mw-list-item"><a href="https://es.wikipedia.org/wiki/Secuestro_de_sesi%C3%B3n" title="Secuestro de sesión – Spanish" lang="es" hreflang="es" data-title="Secuestro de sesión" data-language-autonym="Español" data-language-local-name="Spanish" class="interlanguage-link-target"><span>Español</span></a></li><li class="interlanguage-link interwiki-fa mw-list-item"><a href="https://fa.wikipedia.org/wiki/%D9%86%D8%B4%D8%B3%D8%AA%E2%80%8C%D8%B1%D8%A8%D8%A7%DB%8C%DB%8C" title="نشست‌ربایی – Persian" lang="fa" hreflang="fa" data-title="نشست‌ربایی" data-language-autonym="فارسی" data-language-local-name="Persian" class="interlanguage-link-target"><span>فارسی</span></a></li><li class="interlanguage-link interwiki-ko mw-list-item"><a href="https://ko.wikipedia.org/wiki/%EC%84%B8%EC%85%98_%ED%95%98%EC%9D%B4%EC%9E%AC%ED%82%B9" title="세션 하이재킹 – Korean" lang="ko" hreflang="ko" data-title="세션 하이재킹" data-language-autonym="한국어" data-language-local-name="Korean" class="interlanguage-link-target"><span>한국어</span></a></li><li class="interlanguage-link interwiki-hy mw-list-item"><a href="https://hy.wikipedia.org/wiki/SideJacking" title="SideJacking – Armenian" lang="hy" hreflang="hy" data-title="SideJacking" data-language-autonym="Հայերեն" data-language-local-name="Armenian" class="interlanguage-link-target"><span>Հայերեն</span></a></li><li class="interlanguage-link interwiki-it mw-list-item"><a href="https://it.wikipedia.org/wiki/Dirottamento_di_sessione" title="Dirottamento di sessione – Italian" lang="it" hreflang="it" data-title="Dirottamento di sessione" data-language-autonym="Italiano" data-language-local-name="Italian" class="interlanguage-link-target"><span>Italiano</span></a></li><li class="interlanguage-link interwiki-nl mw-list-item"><a href="https://nl.wikipedia.org/wiki/Session_hijacking" title="Session hijacking – Dutch" lang="nl" hreflang="nl" data-title="Session hijacking" data-language-autonym="Nederlands" data-language-local-name="Dutch" class="interlanguage-link-target"><span>Nederlands</span></a></li><li class="interlanguage-link interwiki-ja mw-list-item"><a href="https://ja.wikipedia.org/wiki/%E3%82%BB%E3%83%83%E3%82%B7%E3%83%A7%E3%83%B3%E3%83%8F%E3%82%A4%E3%82%B8%E3%83%A3%E3%83%83%E3%82%AF" title="セッションハイジャック – Japanese" lang="ja" hreflang="ja" data-title="セッションハイジャック" data-language-autonym="日本語" data-language-local-name="Japanese" class="interlanguage-link-target"><span>日本語</span></a></li><li class="interlanguage-link interwiki-pl mw-list-item"><a href="https://pl.wikipedia.org/wiki/Session_hijacking" title="Session hijacking – Polish" lang="pl" hreflang="pl" data-title="Session hijacking" data-language-autonym="Polski" data-language-local-name="Polish" class="interlanguage-link-target"><span>Polski</span></a></li><li class="interlanguage-link interwiki-pt mw-list-item"><a href="https://pt.wikipedia.org/wiki/Session_hijacking" title="Session hijacking – Portuguese" lang="pt" hreflang="pt" data-title="Session hijacking" data-language-autonym="Português" data-language-local-name="Portuguese" class="interlanguage-link-target"><span>Português</span></a></li><li class="interlanguage-link interwiki-ru mw-list-item"><a href="https://ru.wikipedia.org/wiki/TCP_hijacking" title="TCP hijacking – Russian" lang="ru" hreflang="ru" data-title="TCP hijacking" data-language-autonym="Русский" data-language-local-name="Russian" class="interlanguage-link-target"><span>Русский</span></a></li><li class="interlanguage-link interwiki-fi mw-list-item"><a href="https://fi.wikipedia.org/wiki/Istuntokaappaus" title="Istuntokaappaus – Finnish" lang="fi" hreflang="fi" data-title="Istuntokaappaus" data-language-autonym="Suomi" data-language-local-name="Finnish" class="interlanguage-link-target"><span>Suomi</span></a></li><li class="interlanguage-link interwiki-th mw-list-item"><a href="https://th.wikipedia.org/wiki/%E0%B8%81%E0%B8%B2%E0%B8%A3%E0%B9%84%E0%B8%AE%E0%B9%81%E0%B8%88%E0%B9%87%E0%B8%81%E0%B9%80%E0%B8%8B%E0%B8%AA%E0%B8%8A%E0%B8%B1%E0%B8%99" title="การไฮแจ็กเซสชัน – Thai" lang="th" hreflang="th" data-title="การไฮแจ็กเซสชัน" data-language-autonym="ไทย" data-language-local-name="Thai" class="interlanguage-link-target"><span>ไทย</span></a></li><li class="interlanguage-link interwiki-uk mw-list-item"><a href="https://uk.wikipedia.org/wiki/TCP_hijacking" title="TCP hijacking – Ukrainian" lang="uk" hreflang="uk" data-title="TCP hijacking" data-language-autonym="Українська" data-language-local-name="Ukrainian" class="interlanguage-link-target"><span>Українська</span></a></li><li class="interlanguage-link interwiki-zh mw-list-item"><a href="https://zh.wikipedia.org/wiki/%E4%BC%9A%E8%AF%9D%E5%8A%AB%E6%8C%81" title="会话劫持 – Chinese" lang="zh" hreflang="zh" data-title="会话劫持" data-language-autonym="中文" data-language-local-name="Chinese" class="interlanguage-link-target"><span>中文</span></a></li> </ul> <div class="after-portlet after-portlet-lang"><span class="wb-langlinks-edit wb-langlinks-link"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q638079#sitelinks-wikipedia" title="Edit interlanguage links" class="wbc-editpage">Edit links</a></span></div> </div> </div> </div> </header> <div class="vector-page-toolbar"> <div class="vector-page-toolbar-container"> <div id="left-navigation"> <nav aria-label="Namespaces"> <div id="p-associated-pages" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-associated-pages" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-nstab-main" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Session_hijacking" title="View the content page [c]" accesskey="c"><span>Article</span></a></li><li id="ca-talk" class="vector-tab-noicon mw-list-item"><a href="/wiki/Talk:Session_hijacking" rel="discussion" title="Discuss improvements to the content page [t]" accesskey="t"><span>Talk</span></a></li> </ul> </div> </div> <div id="vector-variants-dropdown" class="vector-dropdown emptyPortlet" > <input type="checkbox" id="vector-variants-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-variants-dropdown" class="vector-dropdown-checkbox " aria-label="Change language variant" > <label id="vector-variants-dropdown-label" for="vector-variants-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">English</span> </label> <div class="vector-dropdown-content"> <div id="p-variants" class="vector-menu mw-portlet mw-portlet-variants emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> </div> </div> </nav> </div> <div id="right-navigation" class="vector-collapsible"> <nav aria-label="Views"> <div id="p-views" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-views" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-view" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Session_hijacking"><span>Read</span></a></li><li id="ca-edit" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Session_hijacking&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-history" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Session_hijacking&action=history" title="Past revisions of this page [h]" accesskey="h"><span>View history</span></a></li> </ul> </div> </div> </nav> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-dropdown" class="vector-dropdown vector-page-tools-dropdown" > <input type="checkbox" id="vector-page-tools-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-tools-dropdown" class="vector-dropdown-checkbox " aria-label="Tools" > <label id="vector-page-tools-dropdown-label" for="vector-page-tools-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">Tools</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-tools-unpinned-container" class="vector-unpinned-container"> <div id="vector-page-tools" class="vector-page-tools vector-pinnable-element"> <div class="vector-pinnable-header vector-page-tools-pinnable-header vector-pinnable-header-unpinned" data-feature-name="page-tools-pinned" data-pinnable-element-id="vector-page-tools" data-pinned-container-id="vector-page-tools-pinned-container" data-unpinned-container-id="vector-page-tools-unpinned-container" > <div class="vector-pinnable-header-label">Tools</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-page-tools.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-page-tools.unpin">hide</button> </div> <div id="p-cactions" class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-has-collapsible-items" title="More options" > <div class="vector-menu-heading"> Actions </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/Session_hijacking"><span>Read</span></a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Session_hijacking&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Session_hijacking&action=history"><span>View history</span></a></li> </ul> </div> </div> <div id="p-tb" class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/Session_hijacking" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j"><span>What links here</span></a></li><li id="t-recentchangeslinked" class="mw-list-item"><a href="/wiki/Special:RecentChangesLinked/Session_hijacking" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k"><span>Related changes</span></a></li><li id="t-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u"><span>Upload file</span></a></li><li id="t-specialpages" class="mw-list-item"><a href="/wiki/Special:SpecialPages" title="A list of all special pages [q]" accesskey="q"><span>Special pages</span></a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=Session_hijacking&oldid=1260147493" title="Permanent link to this revision of this page"><span>Permanent link</span></a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=Session_hijacking&action=info" title="More information about this page"><span>Page information</span></a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&page=Session_hijacking&id=1260147493&wpFormIdentifier=titleform" title="Information on how to cite this page"><span>Cite this page</span></a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FSession_hijacking"><span>Get shortened URL</span></a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FSession_hijacking"><span>Download QR code</span></a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a href="/w/index.php?title=Special:DownloadAsPdf&page=Session_hijacking&action=show-download-screen" title="Download this page as a PDF file"><span>Download as PDF</span></a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=Session_hijacking&printable=yes" title="Printable version of this page [p]" accesskey="p"><span>Printable version</span></a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q638079" title="Structured data on this page hosted by Wikidata [g]" accesskey="g"><span>Wikidata item</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Exploitation of a valid computer session</div> <style data-mw-deduplicate="TemplateStyles:r1251242444">.mw-parser-output .ambox{border:1px solid #a2a9b1;border-left:10px solid #36c;background-color:#fbfbfb;box-sizing:border-box}.mw-parser-output .ambox+link+.ambox,.mw-parser-output .ambox+link+style+.ambox,.mw-parser-output .ambox+link+link+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+style+.ambox,.mw-parser-output .ambox+.mw-empty-elt+link+link+.ambox{margin-top:-1px}html body.mediawiki .mw-parser-output .ambox.mbox-small-left{margin:4px 1em 4px 0;overflow:hidden;width:238px;border-collapse:collapse;font-size:88%;line-height:1.25em}.mw-parser-output .ambox-speedy{border-left:10px solid #b32424;background-color:#fee7e6}.mw-parser-output .ambox-delete{border-left:10px solid #b32424}.mw-parser-output .ambox-content{border-left:10px solid #f28500}.mw-parser-output .ambox-style{border-left:10px solid #fc3}.mw-parser-output .ambox-move{border-left:10px solid #9932cc}.mw-parser-output .ambox-protection{border-left:10px solid #a2a9b1}.mw-parser-output .ambox .mbox-text{border:none;padding:0.25em 0.5em;width:100%}.mw-parser-output .ambox .mbox-image{border:none;padding:2px 0 2px 0.5em;text-align:center}.mw-parser-output .ambox .mbox-imageright{border:none;padding:2px 0.5em 2px 0;text-align:center}.mw-parser-output .ambox .mbox-empty-cell{border:none;padding:0;width:1px}.mw-parser-output .ambox .mbox-image-div{width:52px}@media(min-width:720px){.mw-parser-output .ambox{margin:0 10%}}@media print{body.ns-0 .mw-parser-output .ambox{display:none!important}}</style><table class="box-More_citations_needed plainlinks metadata ambox ambox-content ambox-Refimprove" role="presentation"><tbody><tr><td class="mbox-image"><div class="mbox-image-div"><span typeof="mw:File"><a href="/wiki/File:Question_book-new.svg" class="mw-file-description"><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/9/99/Question_book-new.svg/50px-Question_book-new.svg.png" decoding="async" width="50" height="39" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/9/99/Question_book-new.svg/75px-Question_book-new.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/9/99/Question_book-new.svg/100px-Question_book-new.svg.png 2x" data-file-width="512" data-file-height="399" /></a></span></div></td><td class="mbox-text"><div class="mbox-text-span">This article <b>needs additional citations for <a href="/wiki/Wikipedia:Verifiability" title="Wikipedia:Verifiability">verification</a></b>.<span class="hide-when-compact"> Please help <a href="/wiki/Special:EditPage/Session_hijacking" title="Special:EditPage/Session hijacking">improve this article</a> by <a href="/wiki/Help:Referencing_for_beginners" title="Help:Referencing for beginners">adding citations to reliable sources</a>. Unsourced material may be challenged and removed.<br /><small><span class="plainlinks"><i>Find sources:</i> <a rel="nofollow" class="external text" href="https://www.google.com/search?as_eq=wikipedia&q=%22Session+hijacking%22">"Session hijacking"</a> – <a rel="nofollow" class="external text" href="https://www.google.com/search?tbm=nws&q=%22Session+hijacking%22+-wikipedia&tbs=ar:1">news</a> <b>·</b> <a rel="nofollow" class="external text" href="https://www.google.com/search?&q=%22Session+hijacking%22&tbs=bkt:s&tbm=bks">newspapers</a> <b>·</b> <a rel="nofollow" class="external text" href="https://www.google.com/search?tbs=bks:1&q=%22Session+hijacking%22+-wikipedia">books</a> <b>·</b> <a rel="nofollow" class="external text" href="https://scholar.google.com/scholar?q=%22Session+hijacking%22">scholar</a> <b>·</b> <a rel="nofollow" class="external text" href="https://www.jstor.org/action/doBasicSearch?Query=%22Session+hijacking%22&acc=on&wc=on">JSTOR</a></span></small></span> <span class="date-container"><i>(<span class="date">June 2010</span>)</i></span><span class="hide-when-compact"><i> (<small><a href="/wiki/Help:Maintenance_template_removal" title="Help:Maintenance template removal">Learn how and when to remove this message</a></small>)</i></span></div></td></tr></tbody></table> <p>In <a href="/wiki/Computer_science" title="Computer science">computer science</a>, <b>session hijacking</b>, sometimes also known as <b>cookie hijacking</b>, is the <a href="/wiki/Exploit_(computer_security)" title="Exploit (computer security)">exploitation</a> of a valid <a href="/wiki/Session_(computer_science)" title="Session (computer science)">computer session</a>—sometimes also called a <i>session key</i>—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many websites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see <a href="/wiki/HTTP_cookie#Cookie_theft_and_session_hijacking" title="HTTP cookie">HTTP cookie theft</a>). After successfully stealing appropriate session cookies an adversary might use the Pass the Cookie technique to perform session hijacking. Cookie hijacking is commonly used against client authentication on the internet. Modern web browsers use cookie protection mechanisms to protect the web from being attacked.<sup id="cite_ref-:1_1-0" class="reference"><a href="#cite_note-:1-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup> </p><p>A popular method is using source-routed IP packets. This allows an attacker at point <i>B</i> on the network to participate in a conversation between <i>A</i> and <i>C</i> by encouraging the IP packets to pass through <i>B's</i> machine. </p><p>If source-routing is turned off, the attacker can use "blind" hijacking, whereby it guesses the responses of the two machines. Thus, the attacker can send a command, but can never see the response. However, a common command would be to set a password allowing access from elsewhere on the net. </p><p>An attacker can also be "inline" between <i>A</i> and <i>C</i> using a sniffing program to watch the conversation. This is known as a "man-in-the-middle attack". </p> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="History_of_HTTP">History of HTTP</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Session_hijacking&action=edit&section=1" title="Edit section: History of HTTP"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>HTTP protocol versions 0.8 and 0.9 lacked cookies and other features necessary for session hijacking. Version 0.9beta of Mosaic Netscape, released on October 13, 1994, supported cookies. </p><p>Early versions of HTTP 1.0 did have some security weaknesses relating to session hijacking, but they were difficult to exploit due to the vagaries of most early HTTP 1.0 servers and browsers. As HTTP 1.0 has been designated as a fallback for HTTP 1.1 since the early 2000s—and as HTTP 1.0 servers are all essentially HTTP 1.1 servers the session hijacking problem has evolved into a nearly permanent security risk.<sup id="cite_ref-2" class="reference"><a href="#cite_note-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup><sup class="noprint Inline-Template" style="white-space:nowrap;">[<i><a href="/wiki/Wikipedia:Verifiability" title="Wikipedia:Verifiability"><span title="The reference doesn't mention anything about HTTP 1.0/1.1 servers, and how they are related to make them a 'permanent' security problem. It does make a good reference for the article. (August 2024)">failed verification</span></a></i>]</sup> </p><p>The introduction of <a href="/wiki/HTTP_cookie#Supercookie" title="HTTP cookie">supercookies</a> and other features with the modernized HTTP 1.1 has allowed for the hijacking problem to become an ongoing security problem. Webserver and browser state machine standardization has contributed to this ongoing security problem. </p> <div class="mw-heading mw-heading2"><h2 id="Methods">Methods</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Session_hijacking&action=edit&section=2" title="Edit section: Methods"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>There are four main methods used to perpetrate a session hijack. These are: </p> <ul><li><b><a href="/wiki/Session_fixation" title="Session fixation">Session fixation</a></b>, where the attacker sets a user's session ID to one known to them, for example by sending the user an email with a link that contains a particular session ID. The attacker now only has to wait until the user logs in.</li> <li><b>Session side jacking</b>, where the attacker uses <a href="/wiki/Packet_sniffing" class="mw-redirect" title="Packet sniffing">packet sniffing</a> to read network traffic between two parties to steal the session <a href="/wiki/Http_cookie" class="mw-redirect" title="Http cookie">cookie</a>. Many websites use <a href="/wiki/Secure_Sockets_Layer" class="mw-redirect" title="Secure Sockets Layer">SSL</a> encryption for <a href="/wiki/Logging_(computer_security)" class="mw-redirect" title="Logging (computer security)">login</a> pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once <a href="/wiki/Authenticate" class="mw-redirect" title="Authenticate">authenticated</a>. This allows attackers that can read the network traffic to intercept all the data that is submitted to the <a href="/wiki/Web_server" title="Web server">server</a> or web pages viewed by the client. Since this data includes the session <a href="/wiki/HTTP_cookie" title="HTTP cookie">cookie</a>, it allows them to impersonate the victim, even if the password itself is not compromised.<sup id="cite_ref-:0_3-0" class="reference"><a href="#cite_note-:0-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup> Unsecured <a href="/wiki/Wi-Fi" title="Wi-Fi">Wi-Fi</a> <a href="/wiki/Hotspot_(Wi-Fi)" class="mw-redirect" title="Hotspot (Wi-Fi)">hotspots</a> are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the <a href="/wiki/Wireless_access_point" title="Wireless access point">access point</a>.</li> <li><b><a href="/wiki/Cross-site_scripting" title="Cross-site scripting">Cross-site scripting</a></b>, where the attacker tricks the user's computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.</li> <li><b><a href="/wiki/Malware" title="Malware">Malware</a></b> and <a href="/wiki/Potentially_unwanted_program" title="Potentially unwanted program">unwanted programs</a> can use <a href="/wiki/Browser_hijacking" title="Browser hijacking">browser hijacking</a> to steal a browser's cookie files without a user's knowledge, and then perform actions (like installing Android apps) without the user's knowledge.<sup id="cite_ref-4" class="reference"><a href="#cite_note-4"><span class="cite-bracket">[</span>4<span class="cite-bracket">]</span></a></sup> An attacker with physical access can simply attempt to steal the <a href="/wiki/Session_key" title="Session key">session key</a> by, for example, obtaining the file or memory contents of the appropriate part of either the user's computer or the server.</li></ul> <p>After successfully acquiring appropriate session cookies an adversary would inject the session cookie into their browser to impersonate the victim user on the website from which the session cookie was stolen from.<sup id="cite_ref-5" class="reference"><a href="#cite_note-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Exploits">Exploits</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Session_hijacking&action=edit&section=3" title="Edit section: Exploits"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <div class="mw-heading mw-heading3"><h3 id="Firesheep">Firesheep</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Session_hijacking&action=edit&section=4" title="Edit section: Firesheep"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p><a href="/wiki/Firesheep" title="Firesheep">Firesheep</a>, a <a href="/wiki/Firefox" title="Firefox">Firefox</a> extension introduced in October 2010, demonstrated session hijacking vulnerabilities in unsecured networks. It captured unencrypted cookies from popular websites, allowing users to take over active sessions of others on the same network. The tool worked by displaying potential targets in a sidebar, enabling session access without password theft. The websites supported included <a href="/wiki/Facebook" title="Facebook">Facebook</a>, <a href="/wiki/Twitter" title="Twitter">Twitter</a>, <a href="/wiki/Flickr" title="Flickr">Flickr</a>, <a href="/wiki/Amazon_(company)" title="Amazon (company)">Amazon</a>, <a href="/wiki/Windows_Live" title="Windows Live">Windows Live</a> and <a href="/wiki/Google" title="Google">Google</a>, with the ability to use scripts to add other websites.<sup id="cite_ref-6" class="reference"><a href="#cite_note-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup> Only months later, Facebook and Twitter responded by offering (and later requiring) <a href="/wiki/HTTP_Secure" class="mw-redirect" title="HTTP Secure">HTTP Secure</a> throughout.<sup id="cite_ref-7" class="reference"><a href="#cite_note-7"><span class="cite-bracket">[</span>7<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-8" class="reference"><a href="#cite_note-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="DroidSheep">DroidSheep</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Session_hijacking&action=edit&section=5" title="Edit section: DroidSheep"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>DroidSheep is a simple Android tool for web session hijacking (sidejacking). It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session id from these packets in order to reuse them. DroidSheep can capture sessions using the libpcap library and supports: open (unencrypted) networks, WEP encrypted networks, and WPA/WPA2 encrypted networks (PSK only). This software uses libpcap and arpspoof.<sup id="cite_ref-9" class="reference"><a href="#cite_note-9"><span class="cite-bracket">[</span>9<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-10" class="reference"><a href="#cite_note-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup> The apk was made available on <a href="/wiki/Google_Play" title="Google Play">Google Play</a> but it has been taken down by Google. </p> <div class="mw-heading mw-heading3"><h3 id="CookieCadger">CookieCadger</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Session_hijacking&action=edit&section=6" title="Edit section: CookieCadger"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>CookieCadger is a graphical Java app that automates sidejacking and replay of HTTP requests, to help identify information leakage from applications that use unencrypted GET requests. It is a cross-platform open-source utility based on the <a href="/wiki/Wireshark" title="Wireshark">Wireshark</a> suite which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis. Cookie Cadger has been used to highlight the weaknesses of youth team sharing sites such as Shutterfly (used by AYSO soccer league) and TeamSnap.<sup id="cite_ref-11" class="reference"><a href="#cite_note-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading3"><h3 id="CookieMonster">CookieMonster</h3><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Session_hijacking&action=edit&section=7" title="Edit section: CookieMonster"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>CookieMonster is a <a href="/wiki/Man-in-the-middle" class="mw-redirect" title="Man-in-the-middle">man-in-the-middle</a> exploit where a third party can gain <a href="/wiki/HTTP_cookie" title="HTTP cookie">HTTPS cookie</a> data when the "Encrypted Sessions Only" property is not properly set. This could allow access to sites with sensitive personal or financial information. In 2008, this could affect major websites, including Gmail, Google Docs, eBay, Netflix, CapitalOne, Expedia.<sup id="cite_ref-12" class="reference"><a href="#cite_note-12"><span class="cite-bracket">[</span>12<span class="cite-bracket">]</span></a></sup> </p><p>It is a <a href="/wiki/Python_(programming_language)" title="Python (programming language)">Python</a> based tool, developed by security researcher Mike Perry. Perry originally announced the vulnerability exploited by CookieMonster on <a href="/wiki/BugTraq" class="mw-redirect" title="BugTraq">BugTraq</a> in 2007. A year later, he demonstrated CookieMonster as a proof of concept tool at Defcon 16.<sup id="cite_ref-13" class="reference"><a href="#cite_note-13"><span class="cite-bracket">[</span>13<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-14" class="reference"><a href="#cite_note-14"><span class="cite-bracket">[</span>14<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-15" class="reference"><a href="#cite_note-15"><span class="cite-bracket">[</span>15<span class="cite-bracket">]</span></a></sup> <sup id="cite_ref-16" class="reference"><a href="#cite_note-16"><span class="cite-bracket">[</span>16<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-17" class="reference"><a href="#cite_note-17"><span class="cite-bracket">[</span>17<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-18" class="reference"><a href="#cite_note-18"><span class="cite-bracket">[</span>18<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-19" class="reference"><a href="#cite_note-19"><span class="cite-bracket">[</span>19<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-20" class="reference"><a href="#cite_note-20"><span class="cite-bracket">[</span>20<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Prevention">Prevention</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Session_hijacking&action=edit&section=8" title="Edit section: Prevention"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Methods to prevent session hijacking include: </p> <ul><li><a href="/wiki/Encryption" title="Encryption">Encryption</a> of the data traffic passed between the parties by using <a href="/wiki/Secure_Sockets_Layer" class="mw-redirect" title="Secure Sockets Layer">SSL</a>/<a href="/wiki/Transport_Layer_Security" title="Transport Layer Security">TLS</a>; in particular the session key (though ideally all traffic for the entire session<sup id="cite_ref-21" class="reference"><a href="#cite_note-21"><span class="cite-bracket">[</span>21<span class="cite-bracket">]</span></a></sup>). This technique is widely relied-upon by web-based banks and other e-commerce services, because it completely prevents sniffing-style attacks. However, it could still be possible to perform some other kind of session hijack. In response, scientists from the <a href="/wiki/Radboud_University_Nijmegen" title="Radboud University Nijmegen">Radboud University Nijmegen</a> proposed in 2013 a way to prevent session hijacking by correlating the application session with the <a href="/wiki/Secure_Sockets_Layer" class="mw-redirect" title="Secure Sockets Layer">SSL</a>/<a href="/wiki/Transport_Layer_Security" title="Transport Layer Security">TLS</a> credentials<sup id="cite_ref-22" class="reference"><a href="#cite_note-22"><span class="cite-bracket">[</span>22<span class="cite-bracket">]</span></a></sup></li> <li>Use of a long random number or string as the <a href="/wiki/Session_key" title="Session key">session key</a>. This reduces the risk that an attacker could simply guess a valid session key through trial and error or brute force attacks.</li> <li>Regenerating the session id after a successful login. This prevents <a href="/wiki/Session_fixation" title="Session fixation">session fixation</a> because the attacker does not know the session id of the user after they have logged in.</li> <li>Some services make secondary checks against the identity of the user. For instance, a web server could check with each request made that the IP address of the user matched the one last used during that session. This does not prevent attacks by somebody who shares the same IP address, however, and could be frustrating for users whose IP address is <a href="/wiki/Dynamic_IP" class="mw-redirect" title="Dynamic IP">liable to change during a browsing session</a>.</li> <li>Alternatively, some services will change the value of the cookie with each and every request. This dramatically reduces the window in which an attacker can operate and makes it easy to identify whether an attack has taken place, but can cause other technical problems (for example, two legitimate, closely timed requests from the same client can lead to a token check error on the server).</li> <li>Users may also wish to log out of websites whenever they are finished using them.<sup id="cite_ref-23" class="reference"><a href="#cite_note-23"><span class="cite-bracket">[</span>23<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-24" class="reference"><a href="#cite_note-24"><span class="cite-bracket">[</span>24<span class="cite-bracket">]</span></a></sup> However this will not protect against attacks such as <a href="/wiki/Firesheep" title="Firesheep">Firesheep</a>.</li></ul> <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Session_hijacking&action=edit&section=9" title="Edit section: See also"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/ArpON" title="ArpON">ArpON</a></li> <li><a href="/wiki/Cross-site_request_forgery" title="Cross-site request forgery">Cross-site request forgery</a></li> <li><a href="/wiki/HTTP_cookie" title="HTTP cookie">HTTP cookie</a></li> <li><a href="/wiki/TCP_sequence_prediction_attack" title="TCP sequence prediction attack">TCP sequence prediction attack</a></li></ul> <div class="mw-heading mw-heading2"><h2 id="References">References</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Session_hijacking&action=edit&section=10" title="Edit section: References"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist .references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output .reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist"> <div class="mw-references-wrap mw-references-columns"><ol class="references"> <li id="cite_note-:1-1"><span class="mw-cite-backlink"><b><a href="#cite_ref-:1_1-0">^</a></b></span> <span class="reference-text"><style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output .cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .cs1-maint{color:#18911f}}</style><cite id="CITEREFBugliesiCalzavaraFocardiKhan2015" class="citation journal cs1">Bugliesi, Michele; Calzavara, Stefano; Focardi, Riccardo; Khan, Wilayat (2015-09-16). "CookiExt: Patching the browser against session hijacking attacks". <i>Journal of Computer Security</i>. <b>23</b> (4): 509–537. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.3233%2Fjcs-150529">10.3233/jcs-150529</a>. <a href="/wiki/Hdl_(identifier)" class="mw-redirect" title="Hdl (identifier)">hdl</a>:<span class="id-lock-free" title="Freely accessible"><a rel="nofollow" class="external text" href="https://hdl.handle.net/10278%2F3663357">10278/3663357</a></span>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/1875-8924">1875-8924</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Journal+of+Computer+Security&rft.atitle=CookiExt%3A+Patching+the+browser+against+session+hijacking+attacks&rft.volume=23&rft.issue=4&rft.pages=509-537&rft.date=2015-09-16&rft_id=info%3Ahdl%2F10278%2F3663357&rft.issn=1875-8924&rft_id=info%3Adoi%2F10.3233%2Fjcs-150529&rft.aulast=Bugliesi&rft.aufirst=Michele&rft.au=Calzavara%2C+Stefano&rft.au=Focardi%2C+Riccardo&rft.au=Khan%2C+Wilayat&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-2"><span class="mw-cite-backlink"><b><a href="#cite_ref-2">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://cwatch.comodo.com/blog/website-security/what-is-session-hijacking/">"Session Hijacking & HTTP Communication"</a>. 19 October 2020. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20201031013639/https://cwatch.comodo.com/blog/website-security/what-is-session-hijacking/">Archived</a> from the original on 2020-10-31.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Session+Hijacking+%26+HTTP+Communication&rft.date=2020-10-19&rft_id=https%3A%2F%2Fcwatch.comodo.com%2Fblog%2Fwebsite-security%2Fwhat-is-session-hijacking%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-:0-3"><span class="mw-cite-backlink"><b><a href="#cite_ref-:0_3-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://news.bbc.co.uk/2/hi/technology/6929258.stm">"Warning of webmail wi-fi hijack"</a>. <a href="/wiki/BBC_News" title="BBC News">BBC News</a>. August 3, 2007.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Warning+of+webmail+wi-fi+hijack&rft.pub=BBC+News&rft.date=2007-08-03&rft_id=http%3A%2F%2Fnews.bbc.co.uk%2F2%2Fhi%2Ftechnology%2F6929258.stm&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-4"><span class="mw-cite-backlink"><b><a href="#cite_ref-4">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blog.malwarebytes.com/threats/browser-hijacker/">"Malware use Browser Hijacking to steal cookie"</a>. 19 October 2020.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Malware+use+Browser+Hijacking+to+steal+cookie&rft.date=2020-10-19&rft_id=https%3A%2F%2Fblog.malwarebytes.com%2Fthreats%2Fbrowser-hijacker%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-5"><span class="mw-cite-backlink"><b><a href="#cite_ref-5">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFNikiforakisMeertYounanJohns2011" class="citation book cs1">Nikiforakis, Nick; Meert, Wannes; Younan, Yves; Johns, Martin; Joosen, Wouter (2011). <a rel="nofollow" class="external text" href="https://link.springer.com/chapter/10.1007/978-3-642-19125-1_7">"SessionShield: Lightweight Protection against Session Hijacking"</a>. In Erlingsson, Úlfar; Wieringa, Roel; Zannone, Nicola (eds.). <i>Engineering Secure Software and Systems</i>. Lecture Notes in Computer Science. Vol. 6542. Berlin, Heidelberg: Springer. p. 89. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1007%2F978-3-642-19125-1_7">10.1007/978-3-642-19125-1_7</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-3-642-19125-1" title="Special:BookSources/978-3-642-19125-1"><bdi>978-3-642-19125-1</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=SessionShield%3A+Lightweight+Protection+against+Session+Hijacking&rft.btitle=Engineering+Secure+Software+and+Systems&rft.place=Berlin%2C+Heidelberg&rft.series=Lecture+Notes+in+Computer+Science&rft.pages=89&rft.pub=Springer&rft.date=2011&rft_id=info%3Adoi%2F10.1007%2F978-3-642-19125-1_7&rft.isbn=978-3-642-19125-1&rft.aulast=Nikiforakis&rft.aufirst=Nick&rft.au=Meert%2C+Wannes&rft.au=Younan%2C+Yves&rft.au=Johns%2C+Martin&rft.au=Joosen%2C+Wouter&rft_id=https%3A%2F%2Flink.springer.com%2Fchapter%2F10.1007%2F978-3-642-19125-1_7&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-6"><span class="mw-cite-backlink"><b><a href="#cite_ref-6">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20240306061808/http://www.h-online.com/open/news/item/Firefox-extension-steals-Facebook-Twitter-etc-sessions-1124596.html">"Firefox extension steals Facebook, Twitter, etc. sessions"</a>. <i>The H</i>. 25 October 2010. Archived from <a rel="nofollow" class="external text" href="http://www.h-online.com/open/news/item/Firefox-extension-steals-Facebook-Twitter-etc-sessions-1124596.html">the original</a> on 2024-03-06.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+H&rft.atitle=Firefox+extension+steals+Facebook%2C+Twitter%2C+etc.+sessions&rft.date=2010-10-25&rft_id=http%3A%2F%2Fwww.h-online.com%2Fopen%2Fnews%2Fitem%2FFirefox-extension-steals-Facebook-Twitter-etc-sessions-1124596.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-7"><span class="mw-cite-backlink"><b><a href="#cite_ref-7">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="http://www.h-online.com/security/news/item/Facebook-now-SSL-encrypted-throughout-1178190.html">"Facebook now SSL-encrypted throughout"</a>. <i>The H</i>. 27 January 2011.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+H&rft.atitle=Facebook+now+SSL-encrypted+throughout&rft.date=2011-01-27&rft_id=http%3A%2F%2Fwww.h-online.com%2Fsecurity%2Fnews%2Fitem%2FFacebook-now-SSL-encrypted-throughout-1178190.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-8"><span class="mw-cite-backlink"><b><a href="#cite_ref-8">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="http://www.h-online.com/security/news/item/Twitter-adds-Always-use-HTTPS-option-1209032.html">"Twitter adds 'Always use HTTPS' option"</a>. <i>The H</i>. 16 March 2011.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+H&rft.atitle=Twitter+adds+%27Always+use+HTTPS%27+option&rft.date=2011-03-16&rft_id=http%3A%2F%2Fwww.h-online.com%2Fsecurity%2Fnews%2Fitem%2FTwitter-adds-Always-use-HTTPS-option-1209032.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-9"><span class="mw-cite-backlink"><b><a href="#cite_ref-9">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://code.google.com/p/droidsheep/">"DroidSheep"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=DroidSheep&rft_id=https%3A%2F%2Fcode.google.com%2Fp%2Fdroidsheep%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-10"><span class="mw-cite-backlink"><b><a href="#cite_ref-10">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20161120163351/http://droidsheep.de/">"DroidSheep Blog"</a>. Archived from <a rel="nofollow" class="external text" href="http://droidsheep.de/">the original</a> on 2016-11-20<span class="reference-accessdate">. Retrieved <span class="nowrap">2012-08-07</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=DroidSheep+Blog&rft_id=http%3A%2F%2Fdroidsheep.de%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-11"><span class="mw-cite-backlink"><b><a href="#cite_ref-11">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.motherjones.com/politics/2013/05/shutterfly-teamsnap-eteamz-ssl-hackers-kids-data/">"How Shutterfly and Other Social Sites Leave Your Kids Vulnerable to Hackers"</a>. <i>Mother Jones</i>. 2013-05-03. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240519210800/https://www.motherjones.com/politics/2013/05/shutterfly-teamsnap-eteamz-ssl-hackers-kids-data/">Archived</a> from the original on 2024-05-19.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Mother+Jones&rft.atitle=How+Shutterfly+and+Other+Social+Sites+Leave+Your+Kids+Vulnerable+to+Hackers&rft.date=2013-05-03&rft_id=https%3A%2F%2Fwww.motherjones.com%2Fpolitics%2F2013%2F05%2Fshutterfly-teamsnap-eteamz-ssl-hackers-kids-data%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-12"><span class="mw-cite-backlink"><b><a href="#cite_ref-12">^</a></b></span> <span class="reference-text"> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodwin" class="citation web cs1">Goodwin, Dan. <a rel="nofollow" class="external text" href="https://www.theregister.co.uk/2008/09/11/cookiemonstor_rampage/">"CookieMonster nabs user creds from secure sites • The Register"</a>. www.theregister.co.uk<span class="reference-accessdate">. Retrieved <span class="nowrap">2009-02-18</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=CookieMonster+nabs+user+creds+from+secure+sites+%E2%80%A2+The+Register&rft.pub=www.theregister.co.uk&rft.aulast=Goodwin&rft.aufirst=Dan&rft_id=https%3A%2F%2Fwww.theregister.co.uk%2F2008%2F09%2F11%2Fcookiemonstor_rampage%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-13"><span class="mw-cite-backlink"><b><a href="#cite_ref-13">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFPerry2008" class="citation web cs1">Perry, Mike (4 August 2008). <a rel="nofollow" class="external text" href="https://fscked.org/projects/cookiemonster">"CookieMonster: Cookie Hijacking | fscked.org"</a>. <i>fscked.org</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2018-12-18</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=fscked.org&rft.atitle=CookieMonster%3A+Cookie+Hijacking+%7C+fscked.org&rft.date=2008-08-04&rft.aulast=Perry&rft.aufirst=Mike&rft_id=https%3A%2F%2Ffscked.org%2Fprojects%2Fcookiemonster&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-14"><span class="mw-cite-backlink"><b><a href="#cite_ref-14">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFClaburn2008" class="citation web cs1">Claburn, Thomas (11 September 2008). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20080912120333/http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=210601197">"CookieMonster Can Steal HTTPS Cookies -- Security -- InformationWeek"</a>. <i><a href="/wiki/InformationWeek" title="InformationWeek">InformationWeek</a></i>. Archived from <a rel="nofollow" class="external text" href="http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=210601197">the original</a> on 12 September 2008.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=InformationWeek&rft.atitle=CookieMonster+Can+Steal+HTTPS+Cookies+--+Security+--+InformationWeek&rft.date=2008-09-11&rft.aulast=Claburn&rft.aufirst=Thomas&rft_id=http%3A%2F%2Fwww.informationweek.com%2Fnews%2Fsecurity%2Fvulnerabilities%2FshowArticle.jhtml%3FarticleID%3D210601197&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-15"><span class="mw-cite-backlink"><b><a href="#cite_ref-15">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2008" class="citation web cs1">Goodin, Dan (11 Sep 2008). <a rel="nofollow" class="external text" href="https://www.theregister.co.uk/2008/09/11/cookiemonstor_rampage/">"CookieMonster nabs user creds from secure sites"</a>. <i>www.theregister.co.uk</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2018-12-18</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.theregister.co.uk&rft.atitle=CookieMonster+nabs+user+creds+from+secure+sites&rft.date=2008-09-11&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Fwww.theregister.co.uk%2F2008%2F09%2F11%2Fcookiemonstor_rampage%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-16"><span class="mw-cite-backlink"><b><a href="#cite_ref-16">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFPerry2008" class="citation web cs1">Perry, Mike (24 August 2008). <a rel="nofollow" class="external text" href="https://fscked.org/blog/incomplete-list-alleged-vulnerable-sites">"Incomplete List of Alleged Vulnerable Sites | fscked.org"</a>. <i>fscked.org</i><span class="reference-accessdate">. Retrieved <span class="nowrap">2018-12-18</span></span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=fscked.org&rft.atitle=Incomplete+List+of+Alleged+Vulnerable+Sites+%7C+fscked.org&rft.date=2008-08-24&rft.aulast=Perry&rft.aufirst=Mike&rft_id=https%3A%2F%2Ffscked.org%2Fblog%2Fincomplete-list-alleged-vulnerable-sites&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-17"><span class="mw-cite-backlink"><b><a href="#cite_ref-17">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFPrince2008" class="citation web cs1">Prince, Brian (September 12, 2008). <a rel="nofollow" class="external text" href="https://www.eweek.com/security/https-cookie-hijacking-tool-cookiemonster-gobbles-personal-data/">"HTTPS Cookie-Hijacking Tool CookieMonster Gobbles Personal Data"</a>. <i><a href="/wiki/EWeek" title="EWeek">eWeek</a></i>. <a href="/wiki/Ziff-Davis" class="mw-redirect" title="Ziff-Davis">Ziff-Davis</a>. <a rel="nofollow" class="external text" href="https://archive.today/20241029231948/https://www.eweek.com/security/https-cookie-hijacking-tool-cookiemonster-gobbles-personal-data/">Archived</a> from the original on October 29, 2024.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=eWeek&rft.atitle=HTTPS+Cookie-Hijacking+Tool+CookieMonster+Gobbles+Personal+Data&rft.date=2008-09-12&rft.aulast=Prince&rft.aufirst=Brian&rft_id=https%3A%2F%2Fwww.eweek.com%2Fsecurity%2Fhttps-cookie-hijacking-tool-cookiemonster-gobbles-personal-data%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-18"><span class="mw-cite-backlink"><b><a href="#cite_ref-18">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.youtube.com/watch?v=tj5C1BQqbb8">"Perry's Defcon Presentation (YouTube)"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Perry%27s+Defcon+Presentation+%28YouTube%29&rft_id=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dtj5C1BQqbb8&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-19"><span class="mw-cite-backlink"><b><a href="#cite_ref-19">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://fscked.org/proj/cookiemonster/ActiveHTTPSCookieStealing.pdf">"Defcon Presentation slides"</a> <span class="cs1-format">(PDF)</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Defcon+Presentation+slides&rft_id=https%3A%2F%2Ffscked.org%2Fproj%2Fcookiemonster%2FActiveHTTPSCookieStealing.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-20"><span class="mw-cite-backlink"><b><a href="#cite_ref-20">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://fscked.org/blog/cookiemonster-core-logic-configuration-and-readmes">"CookieMonster Core Logic, Configuration, and READMEs"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=CookieMonster+Core+Logic%2C+Configuration%2C+and+READMEs&rft_id=http%3A%2F%2Ffscked.org%2Fblog%2Fcookiemonster-core-logic-configuration-and-readmes&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-21"><span class="mw-cite-backlink"><b><a href="#cite_ref-21">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.schneier.com/blog/archives/2010/10/firesheep.html">"Schneier on Security: Firesheep"</a>. 27 October 2010<span class="reference-accessdate">. Retrieved <span class="nowrap">29 May</span> 2011</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Schneier+on+Security%3A+Firesheep&rft.date=2010-10-27&rft_id=http%3A%2F%2Fwww.schneier.com%2Fblog%2Farchives%2F2010%2F10%2Ffiresheep.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-22"><span class="mw-cite-backlink"><b><a href="#cite_ref-22">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBurgersRoel_VerdultMarko_van_Eekelen2013" class="citation book cs1">Burgers, Willem; Roel Verdult; Marko van Eekelen (2013). <a rel="nofollow" class="external text" href="https://www.springer.com/computer/security+and+cryptology/book/978-3-642-41487-9">"Prevent Session Hijacking by Binding the Session to the Cryptographic Network Credentials"</a>. <i>Secure IT Systems</i>. Lecture Notes in Computer Science. Vol. 8208. pp. 33–50. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1007%2F978-3-642-41488-6_3">10.1007/978-3-642-41488-6_3</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-3-642-41487-9" title="Special:BookSources/978-3-642-41487-9"><bdi>978-3-642-41487-9</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=Prevent+Session+Hijacking+by+Binding+the+Session+to+the+Cryptographic+Network+Credentials&rft.btitle=Secure+IT+Systems&rft.series=Lecture+Notes+in+Computer+Science&rft.pages=33-50&rft.date=2013&rft_id=info%3Adoi%2F10.1007%2F978-3-642-41488-6_3&rft.isbn=978-3-642-41487-9&rft.aulast=Burgers&rft.aufirst=Willem&rft.au=Roel+Verdult&rft.au=Marko+van+Eekelen&rft_id=https%3A%2F%2Fwww.springer.com%2Fcomputer%2Fsecurity%2Band%2Bcryptology%2Fbook%2F978-3-642-41487-9&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-23"><span class="mw-cite-backlink"><b><a href="#cite_ref-23">^</a></b></span> <span class="reference-text"><i>See</i> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://itc.virginia.edu/netbadge/logout.html">"NetBadge: How To Log Out"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=NetBadge%3A+How+To+Log+Out&rft_id=http%3A%2F%2Fitc.virginia.edu%2Fnetbadge%2Flogout.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> <li id="cite_note-24"><span class="mw-cite-backlink"><b><a href="#cite_ref-24">^</a></b></span> <span class="reference-text"><i>See also</i> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.becardsmart.org.uk/always_log_out">"Be Card Smart Online - Always log out"</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Be+Card+Smart+Online+-+Always+log+out&rft_id=http%3A%2F%2Fwww.becardsmart.org.uk%2Falways_log_out&rfr_id=info%3Asid%2Fen.wikipedia.org%3ASession+hijacking" class="Z3988"></span></span> </li> </ol></div></div>    </div><noscript><img src="https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?type=1x1&useformat=desktop" alt="" width="1" height="1" style="border: none; position: absolute;"></noscript> <div class="printfooter" data-nosnippet="">Retrieved from "<a dir="ltr" href="https://en.wikipedia.org/w/index.php?title=Session_hijacking&oldid=1260147493">https://en.wikipedia.org/w/index.php?title=Session_hijacking&oldid=1260147493</a>"</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Category</a>: <ul><li><a href="/wiki/Category:Web_security_exploits" title="Category:Web security exploits">Web security exploits</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a href="/wiki/Category:Articles_with_short_description" title="Category:Articles with short description">Articles with short description</a></li><li><a href="/wiki/Category:Short_description_is_different_from_Wikidata" title="Category:Short description is different from Wikidata">Short description is different from Wikidata</a></li><li><a href="/wiki/Category:Articles_needing_additional_references_from_June_2010" title="Category:Articles needing additional references from June 2010">Articles needing additional references from June 2010</a></li><li><a href="/wiki/Category:All_articles_needing_additional_references" title="Category:All articles needing additional references">All articles needing additional references</a></li><li><a href="/wiki/Category:All_articles_with_failed_verification" title="Category:All articles with failed verification">All articles with failed verification</a></li><li><a href="/wiki/Category:Articles_with_failed_verification_from_August_2024" title="Category:Articles with failed verification from August 2024">Articles with failed verification from August 2024</a></li></ul></div></div> </div> </main> </div> <div class="mw-footer-container"> <footer id="footer" class="mw-footer" > <ul id="footer-info"> <li id="footer-info-lastmod"> This page was last edited on 29 November 2024, at 04:13<span class="anonymous-show"> (UTC)</span>.</li> <li id="footer-info-copyright">Text is available under the <a href="/wiki/Wikipedia:Text_of_the_Creative_Commons_Attribution-ShareAlike_4.0_International_License" title="Wikipedia:Text of the Creative Commons Attribution-ShareAlike 4.0 International License">Creative Commons Attribution-ShareAlike 4.0 License</a>; additional terms may apply. By using this site, you agree to the <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use" class="extiw" title="foundation:Special:MyLanguage/Policy:Terms of Use">Terms of Use</a> and <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy" class="extiw" title="foundation:Special:MyLanguage/Policy:Privacy policy">Privacy Policy</a>. Wikipedia® is a registered trademark of the <a rel="nofollow" class="external text" href="https://wikimediafoundation.org/">Wikimedia Foundation, Inc.</a>, a non-profit organization.</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy">Privacy policy</a></li> <li id="footer-places-about"><a href="/wiki/Wikipedia:About">About Wikipedia</a></li> <li id="footer-places-disclaimers"><a href="/wiki/Wikipedia:General_disclaimer">Disclaimers</a></li> <li id="footer-places-contact"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us">Contact Wikipedia</a></li> <li id="footer-places-wm-codeofconduct"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct">Code of Conduct</a></li> <li id="footer-places-developers"><a href="https://developer.wikimedia.org">Developers</a></li> <li id="footer-places-statslink"><a href="https://stats.wikimedia.org/#/en.wikipedia.org">Statistics</a></li> <li id="footer-places-cookiestatement"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement">Cookie statement</a></li> <li id="footer-places-mobileview"><a href="//en.m.wikipedia.org/w/index.php?title=Session_hijacking&mobileaction=toggle_view_mobile" class="noprint stopMobileRedirectToggle">Mobile view</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-copyrightico"><a href="https://wikimediafoundation.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/static/images/footer/wikimedia-button.svg" width="84" height="29" alt="Wikimedia Foundation" loading="lazy"></a></li> <li id="footer-poweredbyico"><a href="https://www.mediawiki.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/w/resources/assets/poweredby_mediawiki.svg" alt="Powered by MediaWiki" width="88" height="31" loading="lazy"></a></li> </ul> </footer> </div> </div> </div> <div class="vector-settings" id="p-dock-bottom"> <ul></ul> </div><script>(RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgHostname":"mw-web.codfw.main-5c59558b9d-55fcm","wgBackendResponseTime":138,"wgPageParseReport":{"limitreport":{"cputime":"0.419","walltime":"0.509","ppvisitednodes":{"value":1450,"limit":1000000},"postexpandincludesize":{"value":49129,"limit":2097152},"templateargumentsize":{"value":1364,"limit":2097152},"expansiondepth":{"value":12,"limit":100},"expensivefunctioncount":{"value":3,"limit":500},"unstrip-depth":{"value":1,"limit":20},"unstrip-size":{"value":82901,"limit":5000000},"entityaccesscount":{"value":0,"limit":400},"timingprofile":["100.00% 464.509 1 -total"," 52.42% 243.507 1 Template:Reflist"," 20.06% 93.175 1 Template:Cite_journal"," 18.94% 87.986 1 Template:Refimprove"," 18.72% 86.963 18 Template:Cite_web"," 18.55% 86.183 1 Template:Short_description"," 17.54% 81.468 1 Template:Ambox"," 12.28% 57.046 2 Template:Pagetype"," 5.89% 27.338 1 Template:Failed_verification"," 4.79% 22.243 1 Template:Fix"]},"scribunto":{"limitreport-timeusage":{"value":"0.275","limit":"10.000"},"limitreport-memusage":{"value":5910531,"limit":52428800}},"cachereport":{"origin":"mw-api-int.codfw.main-58cc965476-lfqxs","timestamp":"20241129041314","ttl":2592000,"transientcontent":false}}});});</script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"Session hijacking","url":"https:\/\/en.wikipedia.org\/wiki\/Session_hijacking","sameAs":"http:\/\/www.wikidata.org\/entity\/Q638079","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q638079","author":{"@type":"Organization","name":"Contributors to Wikimedia projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2006-03-20T16:32:45Z","dateModified":"2024-11-29T04:13:10Z","headline":"exploitation of a valid computer session to gain unauthorized access to information or services in a computer system"}</script> </body> </html>