Session prediction is an attack technique used to hijack or impersonate a web or application user. The attack focuses on predicting session ID values that permit an attacker to bypass the authentication method of an application. By analyzing and understanding the session ID generation process, an attacker can predict a valid session ID value and get access to the application.
To achieve this, an attacker needs to collect some valid session ID values that are used to identify authenticated users. Then, the attacker must understand the structure of the session ID, the information that is used to create it, and the encryption or hash algorithm used by the application to protect it. By studying the characteristics of the session ID, the attacker can predict legitimate session IDs.
In addition, the attacker can implement a brute force technique to generate and test different session ID values until they successfully gain access to the application. The attacker can then use the falsified session ID to access the target system.
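A defender-side check of the property described above, as an added example that is not part of the original page: it audits a sample of session IDs issued by your own application for constant positions and fixed increments, next to a generator that draws IDs from the OS CSPRNG. The function names and the weak sample scheme (hex timestamp followed by a hex counter) are constructed for illustration.

```python
import secrets

def new_session_id() -> str:
    # Hardened form: 256 bits from the OS CSPRNG, no user data, clock or counter.
    return secrets.token_hex(32)

def audit_session_ids(ids):
    """Report structure in a sample of IDs, given in the order they were issued."""
    width = min(len(s) for s in ids)
    # Character positions that hold the same value in every ID carry no entropy.
    constant = sum(1 for i in range(width) if len({s[i] for s in ids}) == 1)
    # A single fixed difference between consecutive IDs means a counter or clock.
    try:
        values = [int(s, 16) for s in ids]
        fixed_step = len({b - a for a, b in zip(values, values[1:])}) == 1
    except ValueError:  # not hexadecimal, so this check does not apply
        fixed_step = False
    return {
        "constant_fraction": constant / width,
        "fixed_step": fixed_step,
        "duplicates": len(set(ids)) != len(ids),
    }

def weak_sample(n=20):
    # Constructed sample of a weak scheme: hex timestamp followed by hex counter.
    return [f"{1700000000 + i:08x}{1000 + i:08x}" for i in range(n)]

def strong_sample(n=20):
    return [new_session_id() for _ in range(n)]

if __name__ == "__main__":
    print("weak:  ", audit_session_ids(weak_sample()))
    print("strong:", audit_session_ids(strong_sample()))
```

A high `constant_fraction` or a true `fixed_step` on IDs from a real application means the generator should be replaced with a CSPRNG-backed one; a clean result on a small sample does not by itself prove the IDs are unpredictable.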