Side jacking, as defined in CEH v13 Web Application Hacking, is a form of session hijacking where an attacker captures valid session identifiers (usually cookies) by sniffing network traffic. This attack is particularly effective when applications transmit session cookies without HTTPS encryption.
In CEH v13, side jacking is commonly associated with attacks performed on unsecured wireless networks, where attackers passively monitor traffic using packet sniffers such as Wireshark. If session cookies are transmitted in plaintext, the attacker can replay them to impersonate the victim without needing login credentials.
Option B precisely matches this definition: capturing unencrypted session cookies and reusing them to gain unauthorized access.
Other options describe different attack types:
A is credential harvesting via social engineering.
C is network exploitation.
D is cross-site scripting (XSS).
CEH v13 emphasizes enforcing HTTPS, Secure and HttpOnly cookie flags, and session regeneration as defenses against side jacking.
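The HTTPS and cookie-flag defenses named above can be checked mechanically from a server's responses. The following Python audit is an added example, not CEH material: the URLs, cookie values, and the `SESSION_HINTS` name heuristic are constructed assumptions, and session regeneration is outside what response headers alone can show.

```python
# Added example: audit Set-Cookie headers for the flags that defend against side jacking.
# SESSION_HINTS and SAMPLE_RESPONSES are constructed assumptions, not real traffic.
SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumed session-cookie naming heuristic

SAMPLE_RESPONSES = [  # constructed (url, [Set-Cookie values]) pairs
    ("http://shop.example/login", ["PHPSESSID=abc123; Path=/"]),
    ("https://shop.example/login",
     ["sessionid=def456; Path=/; Secure; HttpOnly; SameSite=Lax", "theme=dark; Path=/"]),
    ("https://shop.example/api", ["auth_token=ghi789; Path=/; HttpOnly"]),
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attribute dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs

def audit_cookie(header, served_over_https):
    """Return findings for one Set-Cookie header; non-session cookies are skipped."""
    name, _, attrs = parse_set_cookie(header)
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return []
    findings = []
    if not served_over_https:
        findings.append(f"{name}: set over plain HTTP, visible to a passive sniffer")
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure, browser may send it over HTTP")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly, readable from page scripts")
    return findings

def audit_responses(responses):
    """Map each URL to its findings, omitting URLs with none."""
    report = {}
    for url, cookies in responses:
        https = url.lower().startswith("https://")
        findings = [f for c in cookies for f in audit_cookie(c, https)]
        if findings:
            report[url] = findings
    return report

if __name__ == "__main__":
    for url, findings in audit_responses(SAMPLE_RESPONSES).items():
        print(url)
        for finding in findings:
            print("  -", finding)
```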