Attacks & Threats
Cookie Hijacking
Also known as: Cookie theft, Cookie sidejacking
Definition
Theft and reuse of a user's HTTP cookies — typically session or authentication cookies — to impersonate that user against a web application.
Examples
- An info-stealer malware exports Chrome's cookies database; criminals replay the cookies into their own browser to access SaaS apps as the victim.
- An attacker on an open Wi-Fi network captures an unencrypted authentication cookie and uses it to log into a webmail account.
Related terms
Session Hijacking
An attack that takes over a victim's authenticated session by stealing or forging the session identifier so the attacker can act as the user without their credentials.
Cookie Poisoning
An attack that modifies the contents of HTTP cookies before they are sent back to a web application, in order to alter trust, identity, or business logic decisions.
Cross-Site Scripting (XSS)
A web vulnerability that allows attackers to inject malicious scripts into pages viewed by other users, executing in the victim's browser under the site's origin.
Info Stealer
Malware that harvests credentials, cookies, tokens, crypto wallets, and other sensitive data from an infected device and exfiltrates it to the attacker.
Session Management
Session Management — definition coming soon.
Man-in-the-Middle Attack
An attack in which an adversary secretly relays or alters communications between two parties who believe they are talking directly to each other.