A browser pivot is a way to inherit a user's identity by forcing their browser to fulfill requests for an attacker. This attack gets cookies, session cookies, HTTP authentication, and even SSL sessions authenticated with a client SSL cert.