Cookie Hijacking
What is Cookie Hijacking?
Theft and reuse of a user's HTTP cookies — typically session or authentication cookies — to impersonate that user against a web application.
Cookie hijacking (or cookie theft / cookie sidejacking) is a specific form of session hijacking in which the attacker focuses on capturing the browser cookies that identify a user. Common acquisition paths include XSS (reading document.cookie when HttpOnly is missing), malicious browser extensions, info-stealer malware that harvests browser profiles and decrypts the stored cookie database, sniffing of cookies sent over plain HTTP on unencrypted Wi-Fi, and cross-site leaks. Because a session cookie is issued after authentication has already completed, an attacker who replays a valid cookie resumes the victim's session without needing the password or an MFA response; in many architectures nothing else is checked. Mitigations include HTTPS with HSTS, the Secure, HttpOnly and SameSite cookie attributes (and the __Host- prefix, which forces Secure, Path=/ and no Domain), short-lived session tokens with server-side revocation, device or token binding so a replayed cookie fails outside the client it was issued to, CSP and DOM-XSS hardening to block cookie-stealing scripts, and behavioural detection of sessions reused from new devices, geographies or IP reputations. Binding checks need care: client IPs change legitimately on mobile networks, so an IP change is usually a signal for step-up authentication rather than an automatic rejection, whereas a change of browser fingerprint is a much stronger indicator of replay.
● Examples
- 01
An info-stealer malware exports Chrome's cookies database; criminals replay the cookies into their own browser to access SaaS apps as the victim.
- 02
An attacker on an open Wi-Fi network captures an unencrypted authentication cookie and uses it to log into a webmail account.
● Frequently asked questions
What is Cookie Hijacking?
Theft and reuse of a user's HTTP cookies — typically session or authentication cookies — to impersonate that user against a web application. It belongs to the Attacks & Threats category of cybersecurity.
What does Cookie Hijacking mean?
Theft and reuse of a user's HTTP cookies — typically session or authentication cookies — to impersonate that user against a web application.
How do you defend against Cookie Hijacking?
Defences for Cookie Hijacking combine technical controls and operational practices: serve the application over HTTPS with HSTS so cookies are never sent in the clear; set the Secure, HttpOnly and SameSite attributes on session cookies; keep sessions short-lived and revocable; bind sessions to the issuing device or token where the architecture allows; harden against XSS with CSP and DOM hygiene so scripts cannot exfiltrate cookies; and monitor for sessions reused from new devices, locations or poor-reputation IPs, as detailed in the full definition above.
What are other names for Cookie Hijacking?
Common alternative names include: Cookie theft, Cookie sidejacking.