Session Hijacking
Taking over an authenticated user session by stealing the session token or cookie.
Full Definition
Session hijacking is an attack in which a threat actor takes over a legitimate user's active web session by obtaining the session token or cookie that the application uses to recognise the user after login. With a valid token the attacker is treated as the victim without knowing their username or password, and without having to bypass MFA: the token was issued after the victim already completed MFA, so the application has no reason to challenge again.
Session cookies are prime targets for infostealer malware, which harvests all browser cookies from infected devices and transmits them to C2 infrastructure. Attackers then load these cookies into their own browsers to access accounts directly. The most valuable cookies are those for high-privilege accounts, corporate SSO systems, email platforms, and financial services.
Defenses include short absolute and idle session lifetimes, rotating the session identifier after login and on privilege changes, binding sessions to a device fingerprint (and, where the browser supports it, to device key material), setting the Secure, HttpOnly and SameSite cookie attributes, and alerting when the same session is used concurrently from different devices or geographic locations. Note the limits of the cookie attributes: HttpOnly stops page scripts from reading the cookie, which blocks theft via XSS, but it does nothing against infostealers, which read the cookie store straight out of the browser's profile directory on disk. Against that threat, short lifetimes, revocation on suspicious reuse and endpoint protection matter more than the flags.
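The following is an added example, not code from the original page or from Whiteintel, showing how the server-side defenses above fit together: a session store that enforces absolute and idle lifetimes, binds each session to a keyed fingerprint of the client's User-Agent and IP address, revokes and alerts when a token is replayed from a different device, flags concurrent sessions for one user from different addresses, and emits a Set-Cookie header with the Secure, HttpOnly and SameSite attributes. The lifetime values, the fingerprint inputs and the sample addresses are assumptions chosen for illustration.

```python
"""Added example: session store with lifetime, device binding and reuse detection.
The constants, fingerprint scheme and sample data below are assumptions for illustration.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SESSION_LIFETIME = 15 * 60   # absolute lifetime in seconds (assumed value)
IDLE_TIMEOUT = 5 * 60        # idle timeout in seconds (assumed value)
SERVER_KEY = secrets.token_bytes(32)  # per-process key for the fingerprint HMAC


def device_fingerprint(user_agent: str, ip: str) -> str:
    """Keyed hash of client attributes, so fingerprints cannot be precomputed
    from public values. Which attributes to include is a design choice (assumed here)."""
    msg = f"{user_agent}|{ip}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


@dataclass
class Session:
    user: str
    fingerprint: str
    created: float
    last_seen: float
    ip: str


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}
        self.alerts: List[str] = []  # events a SOC would want to see

    def _expired(self, s: Session, now: float) -> bool:
        return now - s.created > SESSION_LIFETIME or now - s.last_seen > IDLE_TIMEOUT

    def create(self, user: str, user_agent: str, ip: str, now: Optional[float] = None) -> str:
        """Issue a fresh, unguessable token after a completed login (including MFA)."""
        now = time.time() if now is None else now
        # Flag a second live session for the same user from a different address.
        for s in self._sessions.values():
            if s.user == user and s.ip != ip and not self._expired(s, now):
                self.alerts.append(f"concurrent session for {user}: {s.ip} and {ip}")
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, device_fingerprint(user_agent, ip), now, now, ip)
        return token

    def validate(self, token: str, user_agent: str, ip: str,
                 now: Optional[float] = None) -> Tuple[Optional[str], str]:
        """Return (user, 'ok') for a live session from the bound device, else (None, reason)."""
        now = time.time() if now is None else now
        s = self._sessions.get(token)
        if s is None:
            return None, "unknown token"
        if self._expired(s, now):
            del self._sessions[token]
            return None, "expired"
        if not hmac.compare_digest(s.fingerprint, device_fingerprint(user_agent, ip)):
            # A valid token presented from a different device is the hijack signature:
            # revoke it so neither the attacker nor the victim can keep using it, and alert.
            del self._sessions[token]
            self.alerts.append(f"fingerprint mismatch for {s.user}: token revoked")
            return None, "fingerprint mismatch"
        s.last_seen = now
        return s.user, "ok"


def set_cookie_header(token: str) -> str:
    """Cookie attributes that keep the token off plaintext HTTP and away from page scripts.
    These do not protect against an infostealer reading the cookie store from disk."""
    return (f"session={token}; Secure; HttpOnly; SameSite=Lax; Path=/; "
            f"Max-Age={SESSION_LIFETIME}")


if __name__ == "__main__":
    store = SessionStore()
    t0 = 1_700_000_000.0  # constructed timestamp
    tok = store.create("alice", "Mozilla/5.0", "203.0.113.10", now=t0)
    print(set_cookie_header(tok))
    print(store.validate(tok, "Mozilla/5.0", "203.0.113.10", now=t0 + 60))
    # Constructed replay of the stolen token from an attacker's machine.
    print(store.validate(tok, "curl/8.0", "198.51.100.7", now=t0 + 61))
    print(store.alerts)
```

Two caveats on the binding: an IP-based fingerprint produces false positives for users on mobile or carrier-grade NAT networks whose address changes mid-session, and an attacker who replays the cookie with the victim's exact User-Agent through the victim's own egress (for example via a proxy on the infected host) will still match. Binding raises the cost of cookie replay; the lifetimes and revocation are what bound the damage when it succeeds.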
Related Terms
Infostealer (Malware & Infrastructure)
Malware designed to silently harvest credentials, cookies, and sensitive data from infected devices.
Account Takeover (ATO) (Attack Types)
Unauthorized access to a user account by exploiting stolen credentials.
Multi-Factor Authentication (MFA) (Defensive Security)
A security mechanism requiring two or more forms of verification before granting access.
Stealer Log (Data & Leaks)
A structured package of data harvested by infostealer malware from a single infected device.