
Showing posts from February, 2013

Session Hijacking and Fixation

Session hijacking means taking over another user's authenticated session, normally by obtaining the session identifier the server uses to recognise that user. Session fixation is the related weakness in which an application authenticates a user without invalidating or replacing the session identifier the browser already holds. An attacker who planted that identifier in the victim's browser beforehand therefore knows the identifier of the now-authenticated session and can present it himself. Fixation followed by hijacking gives the attacker full access as the authenticated user.

Web applications use cookies to store temporary state, and one of the values commonly kept there is the session ID of a logged-in user. That ID lets the server uniquely identify the user until they log out and the session is destroyed. It is also what makes the session ID the attacker's target: the server treats anyone who presents it as that user.

The attack can be represented as follows.

For this demonstration I am using:
Firefox (attacker's browser)
Comodo IceDragon (victim's browser)
Tamper Data (Firefox add-on)

This tutorial assumes you already know cookie-stealing methods. If you do not, check my previous post.

CAUTIO
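The difference between a login that keeps the incoming session ID and one that rotates it is easiest to see in code. The following is an added example, not code from this post: a single-process Python model of a server-side session store, with a deliberately fixation-prone login beside a hardened one, plus the attacker and victim steps played against each. The user table, the cookie name and the function names are all constructed for the demo; the "plant the cookie in the victim's browser" step stands in for whatever cookie-stealing or cookie-setting method is used in practice.

```python
"""Session fixation vs. session ID rotation, modelled with an in-memory
session store. Added example; the server, attacker and victim are all
simulated in one process so it runs offline."""
import secrets
from http.cookies import SimpleCookie

# Constructed credential table for the demo; not real users.
USERS = {"victim": "correct horse battery staple"}


class SessionStore:
    """Server-side session table: session ID -> session data."""

    def __init__(self):
        self._sessions = {}

    def new_session(self):
        # 128 bits from the OS CSPRNG; a guessable ID would be a third attack.
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def login_vulnerable(store, sid, username, password):
    """Authenticates in place: whatever SID the browser arrived with is kept
    and simply marked as logged in. Whoever chose that SID now owns the
    authenticated session (this is the fixation bug)."""
    if USERS.get(username) != password:
        return None
    sess = store.get(sid)
    if sess is None:                      # unknown SID: start a session for it
        sid = store.new_session()
        sess = store.get(sid)
    sess["user"] = username
    return sid


def login_hardened(store, sid, username, password):
    """Rotates the SID on authentication: the pre-login session is destroyed
    and a fresh, unpredictable ID is issued, so a planted SID is worthless."""
    if USERS.get(username) != password:
        return None
    store.destroy(sid)
    new_sid = store.new_session()
    store.get(new_sid)["user"] = username
    return new_sid


def whoami(store, sid):
    """What the server believes about the bearer of this SID."""
    sess = store.get(sid)
    return sess["user"] if sess else None


def fixation_attack(login):
    """Attacker obtains a SID, plants it in the victim's browser, victim logs
    in with it, attacker then replays the SID he chose."""
    store = SessionStore()
    attacker_sid = store.new_session()                 # attacker visits the site
    victim_cookie = attacker_sid                       # planted in victim's browser
    login(store, victim_cookie, "victim", USERS["victim"])
    return whoami(store, attacker_sid)                 # "victim" if fixable


def hijack_by_replay(login):
    """Plain hijacking: attacker copies the victim's post-login cookie.
    Rotation at login does not help here; cookie protection does."""
    store = SessionStore()
    victim_sid = login(store, store.new_session(), "victim", USERS["victim"])
    stolen = victim_sid                                # e.g. via XSS or sniffing
    return whoami(store, stolen)


def session_cookie_header(sid):
    """Set-Cookie value with the attributes that make the cookie harder to
    steal: HttpOnly (no script access), Secure (TLS only), SameSite."""
    c = SimpleCookie()
    c["session"] = sid
    c["session"]["httponly"] = True
    c["session"]["secure"] = True
    c["session"]["samesite"] = "Strict"
    return c.output(header="").strip()


if __name__ == "__main__":
    print("fixation vs vulnerable login:", fixation_attack(login_vulnerable))
    print("fixation vs hardened login:  ", fixation_attack(login_hardened))
    print("replay vs hardened login:    ", hijack_by_replay(login_hardened))
    print(session_cookie_header("example-sid"))
```

Running it shows the two halves of the combined attack separately: the vulnerable login lets the attacker's pre-chosen ID become the victim's authenticated session, the hardened login does not, and a stolen post-login cookie works against both, which is why rotating the ID at login must be paired with HttpOnly/Secure cookies and a short session lifetime rather than treated as the whole fix.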