--- We intercept the traffic between the server and the client
--- A session hijacking attack refers to the exploitation of session token generation
--- An attacker can guess or steal a valid session ID (which identifies an authenticated user) and establish a connection with the server
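A defender-side check for the two weaknesses named above (a guessable session ID and a session ID that can be stolen in transit), added here as an example and not part of the original notes. The cookie names, sample header values and the MIN_TOKEN_CHARS threshold are constructed assumptions.

```python
import secrets
from http.cookies import SimpleCookie

MIN_TOKEN_CHARS = 32  # assumed policy floor for a session ID, not a value from the notes

# Constructed Set-Cookie header values (cookie names and IDs are made up).
WEAK = "SESSIONID=1002; Path=/"
STRONG = ("sid=9f2c4e7ab1d04c6f8e3a5b7d9c1f0e2a4b6d8f0a1c3e5f79; "
          "Path=/; Secure; HttpOnly; SameSite=Lax")


def new_session_id():
    """Generate an unguessable session ID from the OS CSPRNG (256 random bits)."""
    return secrets.token_urlsafe(32)


def audit_set_cookie(header):
    """Return findings for one Set-Cookie header value; an empty list means no issue found."""
    findings = []
    jar = SimpleCookie()
    jar.load(header)
    for name, morsel in jar.items():
        if not morsel["secure"]:
            findings.append(f"{name}: no Secure flag, sent over plain HTTP where a proxy can read it")
        if not morsel["httponly"]:
            findings.append(f"{name}: no HttpOnly flag, readable by page scripts")
        if not morsel["samesite"]:
            findings.append(f"{name}: no SameSite attribute")
        value = morsel.value
        if len(value) < MIN_TOKEN_CHARS or value.isdigit():
            findings.append(f"{name}: short or numeric ID ({len(value)} chars), guessable")
    return findings


if __name__ == "__main__":
    hardened = f"sid={new_session_id()}; Path=/; Secure; HttpOnly; SameSite=Lax"
    for header in (WEAK, STRONG, hardened):
        print(header.split(";")[0], "->", audit_set_cookie(header) or "OK")
```

The length and digit checks are a heuristic for spotting obviously weak IDs; they do not prove that a long token was generated randomly.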
1. Session Hijacking Using the Zed Attack Proxy
Tool: ZAP -- OWASP Zed Attack Proxy
--- It finds vulnerabilities in web applications
--- It has an automated scanner as well as tools that let you find security vulnerabilities manually
--- ZAP is an intercepting proxy like Burp Suite; all requests and responses pass through it
--- Intercept the traffic between the server and the client
---> Open the window, launch the Chrome browser, open the "Customize and control Google Chrome" menu and click Settings
---> Open the proxy settings, then click Connections and LAN settings
---> In the Address field, type the attacker's (Windows) IP address and port 8080, click OK and close the browser
---> Open the ZAP tool, click Tools, go to Options, select Local Proxies, type the Windows IP address in the Address field and leave the port at its default
---> Set a break on all requests and responses
---> Go to the attacker machine, open Chrome, type the movie website address and press Enter
---> Replace the movie website with the shopping website in every GET request captured in the Break tab. Once you have replaced a GET request, click Submit and Step to next request or response
---> We then observe that the movie website has been replaced by the shopping website