What Exactly is Session Hijacking [Tutorial]

Session hijacking is widely used method by hackers for temporarily stealing network connections or login sessions. You might have heard this term used a lot by hackers & some of you have emailed me to explain it in brief.

So this post will explain you what exactly is session hijacking & I have written another one for hacking wireless hotspot using session hijacking step by step for understanding the concept.

What is Session

We see lot of Wireless network services offering us to use Wi Fi based on pay per use model – where you have to pay for usage and it costs really high but gives you high speed connectivity.

Evry user that pays for the service get connected. A unique MAC address of his laptop/netbook is stored in Service providers database for every paid user. Every time he gets connected to the paid network it creates a session and Session ID.

Every other user do not having authenticated MAC address and Session gets no connectivity. So this unique connection between user & wireless connectivity provider is session.

Black hat hackers have been using this technique from a long time to get unauthorized access to Paid Wi Fi network.

What is Session Stealing

In session hijacking we create a fake MAC address on our network interface & replace it with original one that we have by using MAC changer utility. And the fake MAC address that we are using is of certain user who is on the network &has already paid the wireless network usage.

So we spoof the MAC address & let network determine us through his MAC address as authenticated user. This is what we call Session Stealing or Hijacking.

Check out this cool article on how you can bypass the Wi Fi Hotspot Access Control by Session Stealing