Session hijacking occurs when an attacker takes over a user's session by obtaining the information that authenticates it. For instance, suppose someone has logged into a bank account on the bank's website. The session starts once the user is logged in and ends when the user logs out. The method of taking over such a session is called session hijacking.
Ettercap: Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections, on-the-fly content filtering, and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
Session Hijacking Tools for Mobile: DroidSheep and DroidSniff
- DroidSheep is a simple Android tool for web session hijacking (sidejacking).
- It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session IDs from these packets.
- DroidSniff is an Android app for security analysis in wireless networks; it captures Facebook, Twitter, LinkedIn, and other accounts.
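
A defensive check for the HTTP sniffing described above, as an added example that is not part of the original page: it audits raw response headers for session cookies that lack the Secure attribute (and so also travel over unencrypted HTTP, where a sniffer on the same wireless network can read them) and for a missing HSTS header. The cookie name SESSIONID and both sample responses are constructed.

```python
# Added example: audit response headers for settings that keep session IDs
# off plain-HTTP connections. Sample responses below are constructed.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        if p:
            k, _, v = p.partition("=")
            attrs[k.strip().lower()] = v.strip()
    return name.strip(), attrs

def audit_response(raw_headers):
    """Return a sorted list of findings for one raw HTTP response header block."""
    findings, hsts = [], False
    for line in raw_headers.splitlines()[1:]:      # skip the status line
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower()
        if key == "strict-transport-security":
            hsts = True
        elif key == "set-cookie":
            name, attrs = parse_set_cookie(value.strip())
            if "secure" not in attrs:
                findings.append(f"{name}: missing Secure (also sent over http://)")
            if "httponly" not in attrs:
                findings.append(f"{name}: missing HttpOnly (readable by page scripts)")
    if not hsts:
        findings.append("response: no Strict-Transport-Security header")
    return sorted(findings)

# Constructed sample: session cookie with no protective attributes.
WEAK = ("HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "Set-Cookie: SESSIONID=abc123; Path=/\r\n")
# Constructed sample: same cookie, hardened, served with HSTS.
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Strict-Transport-Security: max-age=31536000\r\n"
            "Set-Cookie: SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n")

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(resp))
```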