RESEARCH ARTICLES
Exploring Web Security Vulnerabilities Considering Man in the Middle and Session Hijacking
Published 2025-04-15
Keywords
- Cybersecurity
- Man-in-the-Middle (MITM) attack
- Session Hijacking
- Web-based Attacks
- TCP/IP Security
- DNS Spoofing
- ARP Spoofing
- Packet Sniffing
- Cryptographic Protocols
How to Cite
Shaik Faqrunnisa, Shaik Adil, Shaik Mohammed Arbaaz, Shaik Althaf Ali, & Shaik Arifullah. (2025). Exploring Web Security Vulnerabilities Considering Man in the Middle and Session Hijacking. International Journal of Computational Learning & Intelligence, 4(4), 580–590. https://doi.org/10.5281/zenodo.15224950
Copyright (c) 2025 Shaik Faqrunnisa, Shaik Adil, Shaik Mohammed Arbaaz, Shaik Althaf Ali, Shaik Arifullah

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Abstract
Cybersecurity threats such as Man-in-the-Middle (MITM) attacks and Session Hijacking (SH) account for over 35% of web-based cyber intrusions, causing financial losses exceeding $6 billion annually. Despite extensive research on each of these attacks independently, a unified analysis remains underexplored. This study bridges that gap by conducting a Systematic Literature Review (SLR) of over 150 research papers from IEEE, ACM, and ScienceDirect, comparing MITM and SH in terms of attack frequency, methodologies, vulnerabilities, and countermeasures. Our findings indicate that MITM attacks constitute 27% of credential theft incidents, exploiting weak HTTPS encryption, phony server links, and packet sniffing. In contrast, Session Hijacking is responsible for 18% of unauthorized access cases, often leveraging TCP/UDP hijacking, cookie theft, and replay attacks. The study also reveals that 70% of successful MITM and SH attacks stem from improper session security configurations. To mitigate these risks, we propose an advanced cybersecurity framework integrating real-time behavioral analytics to detect anomalies with an 85% accuracy rate, significantly reducing unauthorized access attempts. By implementing adaptive security measures and AI-driven intrusion detection, organizations can enhance their defenses against these evolving threats.
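The abstract attributes most successful MITM and session-hijacking incidents to improper session security configuration. As an added illustration (not code from the paper), the following Python audit checks a response's Set-Cookie and Strict-Transport-Security headers for the settings that limit cookie theft over plaintext or cross-site channels; the session-cookie names and the header samples are constructed assumptions.

```python
"""Audit session-cookie and HSTS settings from HTTP response headers.

Added example, not from the paper. Header samples below are constructed.
"""
from typing import Dict, List

# Assumed list of common session-cookie names (constructed, extend as needed).
SESSION_COOKIE_NAMES = {"sessionid", "jsessionid", "phpsessid", "sid"}


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Split a Set-Cookie value into its cookie name and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    cookie = {"name": parts[0].split("=", 1)[0].strip()}
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        cookie[key.strip().lower()] = value.strip().lower()
    return cookie


def audit_cookie(header: str) -> List[str]:
    """Return findings for one Set-Cookie header; an empty list means hardened."""
    c = parse_set_cookie(header)
    findings = []
    if "secure" not in c:
        findings.append("missing Secure: cookie may be sent over plaintext HTTP")
    if "httponly" not in c:
        findings.append("missing HttpOnly: cookie readable by injected script")
    if c.get("samesite", "") not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: cookie sent on cross-site requests")
    return findings


def audit_hsts(headers: Dict[str, str], min_age: int = 31536000) -> List[str]:
    """Check Strict-Transport-Security, which stops a downgrade to plaintext HTTP."""
    value = headers.get("strict-transport-security")
    if value is None:
        return ["missing HSTS: browser may be downgraded to HTTP"]
    directives = {d.strip().lower() for d in value.split(";")}
    max_age = max((int(d.split("=", 1)[1]) for d in directives if d.startswith("max-age=")), default=0)
    findings = []
    if max_age < min_age:
        findings.append(f"HSTS max-age {max_age} below {min_age} seconds")
    if "includesubdomains" not in directives:
        findings.append("HSTS lacks includeSubDomains")
    return findings


def audit_response(headers: Dict[str, str], set_cookies: List[str]) -> Dict[str, List[str]]:
    """Audit HSTS plus every cookie whose name looks like a session identifier."""
    report = {"hsts": audit_hsts(headers)}
    for sc in set_cookies:
        name = parse_set_cookie(sc)["name"]
        if name.lower() in SESSION_COOKIE_NAMES:
            report[name] = audit_cookie(sc)
    return report


# Constructed samples: a weak configuration beside its hardened form.
WEAK = ({}, ["sessionid=abc123; Path=/"])
HARDENED = ({"strict-transport-security": "max-age=63072000; includeSubDomains; preload"},
            ["sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"])
```

Running `audit_response(*WEAK)` reports the missing HSTS header and three cookie findings, while the hardened sample yields empty finding lists.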