Sidejacking attack or session hijacking is the process of stealing someone’s access to a website with a remote service by intercepting and using the credentials that identified the user/victim to that specific server. Usually, sidejacking attacks are performed through accounts where the user types in their username and password. Session sidejacking is a type of security threat in which an attacker hijacks a session by intercepting and reading network traffic between two parties to steal the session cookie. the attacker can now make use of your cookie to impersonate your account and can do everything a user can do when logged-in to any website. Sidejacking attacks work to find a nonsecure sockets layer (SSL) cookie.
To sidejack access to a website, the bad actor uses a packet sniffer to obtain an unencrypted cookie that grants access to a website. SideJacking is most common on sites that require authentication through a username and password, such as online Webmail accounts as well as social networking sites. Victims of identity theft can suffer financial losses, while the related sites may face litigation and negative publicity
How do you Prevent Sidejacking or session hijacking:
- Use only websites which are using Valid SSL.
- Use a virtual private network (VPN) while using Public Wi-Fi.
- Always Log out websites when done.
- Data between Server and the browser should be encrypted.