# Module 11. Session Hijacking

Session hijacking can be either active or passive, depending on the degree of involvement of the attacker:

* **Active session hijacking**: An attacker finds an active session and takes it over
* **Passive session hijacking**: An attacker hijacks a session, and, instead of taking over, monitors and records all the traffic in that session