Q: What is session hijacking?
A: Session hijacking is an attack where an attacker takes over a valid TCP communication session between two computers, exploiting session-token generation mechanisms or token security controls.

Q: Why is session hijacking successful?
A: It succeeds due to factors like absence of account lockout for invalid session IDs, weak session-ID generation algorithms, insecure handling of session IDs, indefinite session timeout, and lack of encryption.

Q: What are the three main phases of the session hijacking process?
A: Tracking the connection, desynchronizing the connection, and injecting the attacker's packet.

Q: Describe passive session hijacking.
A: In passive session hijacking, the attacker only observes and records traffic during the session without interfering with the communication flow.

Q: What is network-level hijacking in the OSI model?
A: Network-level hijacking involves intercepting packets during transmission between a client and server in a TCP/UDP session to gain information for further attacks.

Q: How does session sniffing compromise session IDs?
A: Session sniffing uses tools to intercept HTTP traffic between a victim and web server, capturing session IDs and other sensitive information.

Q: What is the difference between spoofing and session hijacking?
A: Spoofing initiates a new session using stolen credentials, while session hijacking takes over an active session by predicting sequence numbers and displacing the legitimate user.

Q: What techniques are used in MITM attacks to compromise session IDs?
A: MITM attacks intrude into an existing connection, splitting it into two parts (client-to-attacker and attacker-to-server) and allowing the attacker to read, modify, and insert fraudulent data into the intercepted communication.

Source: https://quizlet.com/au/928576684/module-11-session-hijacking-flash-cards/?i=2hfw1u&x=1jqt