Hijacking in the context of computing points to the exploitation of a valid machine session, sometimes also termed a session key to obtain unauthorized access to data or services in a computer system.
In general, hijack points to gaining control over something and making it do something else. The most popular kind of hijacking is when malware affects your machine and redirects your web browser, homepage, or search engine to a malicious site or somewhere you don’t want to be.
In detail, Hijacking is the steal of a cookie that is used to authenticate a user to a remote server. For example, the HTTP cookies used to keep a session on many web sites can be stolen using an intermediary machine or with access to the stored cookies on the victim’s machine. If attackers are able to steal the authentication cookie, they can make requests themselves as if they were the original user, gaining access to privileged information or changing data. If this cookie is a persistent cookie, then the impersonation can continue for a considerable period of time. Any protocol in which state is maintained using a key passed between two parties is vulnerable, especially if it’s not encrypted.
