Sidejacking

Sidejacking with Hamster and Ferret
Sidejacking is the process of sniffing cookie information, then replaying it against websites in order to clone a victim’s session. We use the term “sidejacking” to distinguish this technique from man-in-the-middle hijacking. Whereas man-in-the-middle hijacking interferes with the original session, sidejacking does not. The victim continues to use his/her session blissfully unaware that we are also in his/her account (although signs such as additional e-mails in the ‘sent’ folders might give a clue).

Sidejacking without Hamster

All you need to do in order to sidejack is sniff cookies off the wire and edit cookies. This can be done with a wide variety of tools.

You should be comfortable with using a packet-sniffer like Wireshark/Ethereal. For example, the following is a screenshot of sniffing the cookie for Slashdot:
[pic]

Another useful tool is an extension for Firefox called “Edit Cookies”. The following screens show what it looks like:

[pic]

[pic]

[pic]

Once the cookies in your browser match the ones you sniffed from the wire, you have sidejacked the person’s session. Note that the above information is correct, so that you can successfully sidejack our Slashdot test account.
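
Seen from the defending side, everything above depends on the session cookie crossing the network in cleartext. The following Python check is an added example, not part of the original article or of the Hamster and Ferret tools: it audits a response's Set-Cookie headers and reports the cookies a passive sniffer could read. The function names and all header values are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for exposure to passive sniffing.
# Function names and sample headers are hypothetical, constructed for this page.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    # The first segment is name=value; only the first "=" separates them.
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (Secure, SECURE, secure).
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def sniffable_cookies(scheme, set_cookie_headers):
    """Return [(cookie name, reason)] for cookies readable on the wire."""
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if not name:
            continue
        if scheme.lower() != "https":
            # The response itself was unencrypted, so the cookie was exposed
            # the moment it was issued, whatever attributes it carries.
            findings.append((name, "set over cleartext HTTP"))
        elif "secure" not in attrs:
            # Issued over TLS, but the browser will also attach it to any
            # plain-HTTP request to the same host.
            findings.append((name, "missing Secure attribute"))
    return findings


# Constructed sample responses (not captured traffic).
SAMPLE_HTTPS = [
    "sid=EXAMPLE-SESSION-1; Path=/; HttpOnly",
    "prefs=dark; Path=/; Secure",
    "auth=EXAMPLE-SESSION-2; Path=/; SECURE; HttpOnly; SameSite=Lax",
]
SAMPLE_HTTP = ["user=EXAMPLE-SESSION-3; Path=/"]

if __name__ == "__main__":
    results = sniffable_cookies("https", SAMPLE_HTTPS)
    results += sniffable_cookies("http", SAMPLE_HTTP)
    for name, reason in results:
        print(f"{name}: {reason}")
```

HttpOnly does not help here: it hides the cookie from page scripts, not from a sniffer on the same network.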

Installing Ferret and Hamster

These are COMMAND-LINE tools. I haven’t made an install program for them yet, so you have to do this manually.

Unzip the tools into a directory such as C:\sidejacking.

Ferret is a command-line packet sniffer with typical options. Use the “-W” command-line option to figure out which interface to sniff on:
[pic]
In the above screenshot, I want to sniff on wireless, so I would use interface #4.

There is one major problem with the Intel® PRO/Wireless 2200BG: it doesn’t do promiscuous mode. This means that unlike most other wifi adapters, you can’t use it for sidejacking. To get around this, you would need to buy a cheap USB wifi adapter (usually
