Journal of Computer Technology & Applications

ABSTRACT
Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session id. This paper presents the comparative analysis of session hijacking on different operating systems. The experiment has been conducted on a LAN system. First, session id is captured, then hijacking is performed. The two methods for capturing the session id are used that consist of passive sniffing and active sniffing. The first method is very common, easy to conduct, difficult to detect, and less effective. The second method is very effective but can be detected. The aim of sniffing is to get session id of active connection. This paper also discusses the limitation and dependency of session hijacking attack.

Keywords: operating systems, session hijacking, web server