Wednesday, 18 January 2017

Session Hijacking (MITM for cookies-side jacking)

Session Hijacking (Cookie Hijacking) using Ettercap, Ferret and Hamster



 Steps and instructions - 


Hey guys, what's up -

We will do a Session Hijacking today....

First, we want to know what this process is.

Session Hijacking aka Cookie Hijacking - In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system.

Requirements to conduct this penetration test -

* Kali Linux
* Inbuilt tools in Kali - Ettercap, Ferret and Hamster.
* A target machine.

Let's do this -

* Set up Man In The Middle Attack vectors (Tools needed to do this hack)

* Run Ettercap - open a terminal and type "ettercap -G"

This will give us a graphical interface for the Ettercap tool.


Now select sniff from the menu 
And select Unisniff 


Then you have to select the network interface. Mine is eth0. If you don't know your default interface, open another terminal and type in "ifconfig". This will show you your interfaces.


Now from the menu again select "hosts"
And select "scan for hosts"


It will scan for hosts in the network and give results at the bottom


Now select "Mitm"
And "ARP poisoning" from the sub menu


It will show you an option tab. Make sure the first option is checked, i.e. "sniff remote connections".


Just start the sniffing process from the start menu at the top





Now Ettercap is set up. Just minimize it and open a new terminal.

Now we want to run the Ferret tool.

So type "ferret -i eth0" inside the new terminal and hit enter.


Just minimize this tool as it will do its work.

Now we want to run Hamster.

Open another terminal and type in "hamster"


This will listen on the loopback IP, i.e. 127.0.0.1, on port 1234.

Great, now we will open the Iceweasel browser and in the URL bar enter the loopback IP and port number, i.e. 127.0.0.1:1234



This will open a web interface for Hamster. 

Now we need to set the adapters. At the top we get an option as 'adapters'. Set it to eth0 by clicking on it.


After some time, you will get some IP addresses at the bottom of the page. One of them is your target IP address. 



I have a Windows machine running in my network, which is my target system. Let's check if its IP address has been detected.


Yes, it has been detected. Now click on that IP address in the Hamster web interface to see the cookies and sessions.

(I will open a browser in the target machine to see if Kali gets to sniff the home URL)


This is what will be shown after you click on the IP: some cookies. Click on a cookie to see what the target is using or doing in the network.


Note that I had opened a browser (Internet Explorer) and it is showing the URL which it has opened.

You will get a lot of cookies. They are the sessions the target is in.

If the target is using chat websites, you can take a peek inside their messages. 

Ok guys, thanks for reading the tutorial. 

Have a safe hack.


4 comments:

  1. dude can get password [router hacking]

    1. I am making a tutorial on hacking random home routers. Wait for it to come. The topic is pretty awesome.

  2. Hi, do you set both your Kali and Windows 7 to host-only mode?

  3. Hello guys. I am new to Linux and I am getting this error whenever I run this: hamster execle(ferret) no such file or directory.

    The hamster and ferret executables are both in the usr/applications dir. I tried creating a symlink but the command is not working. Can you please advise what I should try?
