a practice related to session hijacking, but generally with the attacker and
the victim on the same network. Attacks of this type are very common on
Wi-Fi hotspots with no security enabled.

Session sidejacking takes advantage of an unencrypted communication channel
between a victim and target system. The attacker sniffs traffic on a network
looking for session tokens in unencrypted traffic. Once a session token is
captured, the attacker performs malicious actions by using the stolen token
with the targeted application to impersonate the victim.

This attack is a specific method of session hijacking, which is exploiting a
valid session token to gain unauthorized access to a target system or
information. Other methods to perform a session hijacking are session
fixation, cross-site scripting, or compromising a user or server machine and
stealing the session token.
https://capec.mitre.org/data/definitions/

Term used to describe the malicious act of hijacking an engaged Web session
with a remote service by intercepting and using the credentials that
identified the user/victim to that specific server. Typically, SideJacking is
most common on sites that require authentication through a username and
password, such as online Web mail accounts as well as social networking
sites. SideJacking works only if the site catches a non-SSL cookie, so any
Web site that uses SSL exclusively would be safe from SideJackers.
SideJacking was first demonstrated by Robert Graham, CEO of Errata Security
at Black Hat in 2007.
http://www.webopedia.com/TERM/S/SideJacking.html

Sidejacking refers to the use of unauthorized identification credentials to
hijack a valid Web session remotely in order to take over a specific Web
server. Usually sidejacking attacks are performed through accounts where the
user types in their username and password. Sidejacking attacks work to find a
nonsecure sockets layer (SSL) cookie. Usually, websites that have users type
in their usernames and passwords are the type that get sidejacked. Websites
that use SSLs don’t have as much of a chance of being sidejacked, but if the
webmasters neglect to authenticate the site itself through encryption, SSL
use can be negated. Unsecured Wi-Fi hot spots are also vulnerable.
http://www.techopedia.com/definition/4105/sidejacking
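
The definitions above all hinge on the session cookie travelling over a non-SSL channel. As an added example (not taken from any of the quoted sources), this Python check audits a response's headers for cookies that a browser would expose on cleartext requests; the function names and the sample responses are constructed for illustration.

```python
# Added example: flag Set-Cookie headers that leave a session open to sidejacking.
# Function names and sample responses are constructed for illustration.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(scheme, headers):
    """Return (subject, issue) findings for one response.

    scheme  -- "http" or "https", the channel the response arrived on
    headers -- list of (name, value) tuples; Set-Cookie may repeat
    """
    findings = []
    names = {n.lower() for n, _ in headers}
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if scheme == "http":
            # The token is already visible to anyone sniffing the network.
            findings.append((cookie, "issued over cleartext HTTP"))
        if "secure" not in attrs:
            # Without Secure the browser also attaches it to http:// requests.
            findings.append((cookie, "missing Secure attribute"))
    if scheme == "https" and "strict-transport-security" not in names:
        # Without HSTS the browser may still make cleartext requests to the host.
        findings.append(("(response)", "no Strict-Transport-Security header"))
    return findings

# Constructed sample responses, not captured from any real site.
SAMPLES = {
    "cleartext login": ("http", [("Set-Cookie", "PHPSESSID=abc123; Path=/; HttpOnly")]),
    "https, weak cookie": ("https", [("Set-Cookie", "sid=xyz789; Path=/; HttpOnly")]),
    "hardened": ("https", [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "sid=xyz789; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ]),
}

if __name__ == "__main__":
    for label, (scheme, headers) in SAMPLES.items():
        issues = audit_response(scheme, headers)
        print(label, "->", issues or "no sidejacking exposure found")
```

Only the third sample, served over HTTPS with HSTS and a `Secure` cookie, matches the "uses SSL exclusively" condition the definitions describe.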