Sidejacking

Updated: 09/15/2017 by Computer Hope

Sidejacking is stealing someone's access to a website, and it is often done on public wireless networks. To sidejack access to a website, the bad actor uses a packet sniffer to obtain an unencrypted cookie that grants access to the website, such as a webmail service. Sidejacking allows the bad actor to impersonate the user because the session cookie already provides access to the website's content.

Sidejacking does not give the bad actor access to the user's password. Once the session is logged off and authentication is required to log in again, the bad actor loses access. SSL (Secure Sockets Layer) helps prevent the discovery of passwords, but many sites do not encrypt data after login and are open to this type of security hole.
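A site owner can check for the condition described above, a session cookie that travels unencrypted after login, by auditing the Set-Cookie headers the site sends. The Python code below is an added example, not part of the original page; the hostnames, cookie names, sample responses and the `parse_set_cookie` and `audit` helpers are constructed for illustration.

```python
# Added example: flag cookies that a passive sniffer could read in clear text.
from urllib.parse import urlsplit

# Constructed sample data: (URL the response came from, list of header tuples).
SAMPLE_RESPONSES = [
    ("https://mail.example.test/login", [
        ("Set-Cookie", "SID=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "csrf=def456; Path=/; Secure; SameSite=Lax"),
    ]),
    ("http://mail.example.test/inbox", [
        ("Set-Cookie", "prefs=compact; Path=/; Secure"),
    ]),
    ("https://mail.example.test/settings", [
        ("Set-Cookie", "__Host-auth=ghi789; Path=/; Secure; HttpOnly"),
        ("Strict-Transport-Security", "max-age=31536000"),
    ]),
]

def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit(responses):
    """List (url, cookie, reason) for cookies exposed to network sniffing."""
    findings = []
    for url, headers in responses:
        scheme = urlsplit(url).scheme.lower()
        for header, value in headers:
            if header.lower() != "set-cookie":
                continue
            name, attrs = parse_set_cookie(value)
            if scheme != "https":
                # The Set-Cookie header itself crossed the network unencrypted.
                findings.append((url, name, "set over plain HTTP"))
            elif "secure" not in attrs:
                # Without Secure, the browser also sends the cookie over http://.
                findings.append((url, name, "missing Secure attribute"))
    return findings

if __name__ == "__main__":
    for url, name, reason in audit(SAMPLE_RESPONSES):
        print(f"{name}: {reason} ({url})")
```

HttpOnly alone does not help here: it hides the cookie from page scripts, not from a sniffer on the network.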

Firesheep, Man-in-the-middle attack, Security, Security terms, Session cookie