
Sidejacking

(also cookie theft, session hijacking)

Sidejacking definition

Sidejacking is the remote exploitation of a valid web session to gain unauthorized access to resources or services on a computer system. The attacker intercepts the victim’s session cookie and presents it to the server to act as the victim. The attacker does not learn the victim’s password — once the victim logs out, the attacker’s access ends with that session.

Real sidejacking methods

  • Session side jacking: The attacker uses packet sniffing to monitor the victim’s network traffic and steal their session cookie. Unsecured Wi-Fi networks (such as free public hotspots in restaurants and hotels) are particularly susceptible to session side jacking because unencrypted traffic is visible to other network users.
  • Session fixation: The attacker tricks the victim into setting a specific session ID and waits for them to log in.
  • Cross-site scripting: The attacker injects a malicious script into a legitimate page; when the victim’s browser executes it, the script sends the victim’s cookies to the attacker.
  • Malware: The attacker installs apps or scripts on the victim’s device to steal cookies from their browser.

Stopping sidejacking

  • Use a VPN like NordVPN to encrypt your online traffic and stop hackers from sniffing out your cookies. This is especially important if you are browsing on an unsecured Wi-Fi network.
  • Log out of sessions when you’re done. Sidejackers don’t know your password — they can only stay logged in as long as you are.
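The two user-side steps above have server-side counterparts. The following is an added example, not NordVPN's code or anything taken from this page: a constructed, minimal session store in Python that shows the controls a site operator applies against the four methods listed above. The cookie name `sid`, the store's method names and the sample values are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed example (not NordVPN's code): a minimal server-side session
# store showing the controls that blunt each sidejacking method.


@dataclass
class Session:
    user: Optional[str] = None            # None until the user authenticates
    data: Dict[str, str] = field(default_factory=dict)


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def _new_id(self) -> str:
        # 256 bits from a CSPRNG: IDs cannot be guessed or enumerated
        return secrets.token_urlsafe(32)

    def resolve(self, presented: Optional[str]) -> str:
        """Return a valid session ID for the client, never adopting an unknown one.
        Accepting a client-supplied ID is what makes session fixation work."""
        if presented is not None and presented in self._sessions:
            return presented
        sid = self._new_id()
        self._sessions[sid] = Session()
        return sid

    def login(self, presented: str, user: str) -> str:
        """Authenticate and rotate the ID, so a pre-login (possibly fixated)
        ID never becomes an authenticated one."""
        old = self._sessions.pop(presented, None)
        carried = old.data if old else {}
        sid = self._new_id()
        self._sessions[sid] = Session(user=user, data=carried)
        return sid

    def user_for(self, sid: str) -> Optional[str]:
        s = self._sessions.get(sid)
        return s.user if s else None

    def logout(self, sid: str) -> None:
        # Server-side invalidation: a stolen copy of the cookie dies with the session
        self._sessions.pop(sid, None)


REQUIRED_ATTRS = ("Secure", "HttpOnly", "SameSite")


def session_cookie_header(sid: str) -> str:
    """Set-Cookie value with the attributes that matter here:
    Secure   - never sent over plaintext HTTP (limits sniffing on open Wi-Fi)
    HttpOnly - not readable by page scripts (limits XSS cookie theft)
    SameSite - not attached to most cross-site requests"""
    return f"sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def audit_set_cookie(header: str) -> List[str]:
    """Return the hardening attributes missing from a Set-Cookie header value."""
    attrs = {part.strip().split("=", 1)[0].lower() for part in header.split(";")[1:]}
    return [a for a in REQUIRED_ATTRS if a.lower() not in attrs]


if __name__ == "__main__":
    store = SessionStore()
    pre_login = store.resolve("attacker-chosen-id")   # constructed fixation attempt
    authed = store.login(pre_login, "alice")
    print("fixated ID still valid after login:", store.user_for(pre_login) is not None)
    print("hardened header:", session_cookie_header(authed))
    print("weak header is missing:", audit_set_cookie("sid=abc; Path=/"))
    store.logout(authed)
    print("session usable after logout:", store.user_for(authed) is not None)
```

The store never adopts an ID it did not issue and rotates the ID at login, which together close session fixation; `Secure` and `HttpOnly` address the sniffing and cross-site scripting methods respectively; and server-side logout is what makes the page's last point hold, since the attacker's copy of the cookie stops working the moment the session is invalidated.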