What is cookie hijacking?
Cookie hijacking is when a third party intercepts a cookie in order to access the sensitive information contained inside the cookie.
Cookie hijackers target unencrypted data sessions using packet sniffing software to access the information contained inside the cookie.
Transport Layer Security (a https protocol) can be used to send encrypted cookies across a secure channel, which would make them inaccessible to most cookie hijacking attempts.
Another method used by cookie hijackers is cross-site scripting, where the hijackers make the user’s webrowser send the cookies to servers that should not receive them.
Cookiemonster attacks are when the hijackers target high volume traffic webservers. Many high volume traffic webservers use authentification for login pages but send data over unsecured channels due to performance reasons. Cookiemonster attackers intercept these cookies when they are traveling across an unsecure channel.