Sidejacking

Updated: 09/15/2017 by Computer Hope

SidejackingSidejacking is the process of stealing someone's access to a website, typically done on wireless public networks. To sidejack access to a website, the bad actor uses a packet sniffer to obtain an unencrypted cookie that grants access to a website, such as webmail. Sidejacking allows the bad actor to impersonate the user as the session cookie is already providing access to the website's content.

Sidejacking does not allow the bad actor access to the user's password so once the session is logged off, and authentication (logging in with the correct username and password combination) is required the bad actor loses access. SSL access is common and does prevent the discovery of passwords, but many sites do not encrypt data after login and therefore are open to this type of security hole.

Firesheep, Security terms, Security, Session cookie