Sidejacking
Sidejacking is the process of sniffing cookie information off the wire, then replaying it against websites in order to clone a victim’s session. We use the term “sidejacking” to distinguish this technique from man-in-the-middle hijacking. Whereas man-in-the-middle hijacking interferes with the original session, sidejacking does not. The victim continues to use his/her session blissfully unaware that we are also in his/her account (although signs such as additional e-mails in the ‘sent’ folder might give a clue).
Sidejacking without Hamster
All you need to do in order to sidejack is sniff cookies off the wire and then set the same cookies in your own browser. This can be done with a wide variety of tools.
You should be comfortable with using a packet-sniffer like Wireshark/Ethereal. For example, the following is a screenshot of sniffing the cookie for Slashdot:
[pic]
Another useful tool is an extension for Firefox called “Edit Cookies”. The following screens show what it looks like:
[pic]
[pic]
[pic]
Once the cookies in your browser match the ones you sniffed from the wire, you have sidejacked the person’s session. Note that the information shown above is correct, so you can successfully sidejack our Slashdot test account.
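The reason the replay above works is that a session cookie without the Secure attribute is attached by the browser to every plain-HTTP request, so a passive sniffer on the path sees the identifier in cleartext. The following added example (not part of the Hamster/Ferret documentation) parses Set-Cookie headers and reports which session-looking cookies a browser would send over http://. The sample headers and the list of session-name hints are constructed for illustration; the parser and the sending rule are assumptions modelled on RFC 6265 behaviour, not any particular browser.

```python
from dataclasses import dataclass

# Heuristic substrings that usually mark a session identifier (constructed list).
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool = False
    httponly: bool = False
    domain: str = ""
    path: str = "/"


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value: name=value followed by ';'-separated attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name=name.strip(), value=value.strip())
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            cookie.secure = True
        elif key == "httponly":
            cookie.httponly = True
        elif key == "domain":
            cookie.domain = val.strip().lstrip(".").lower()
        elif key == "path":
            cookie.path = val.strip() or "/"
    return cookie


def would_send(cookie: Cookie, scheme: str) -> bool:
    """Browser rule that matters for sidejacking: a cookie is sent over HTTPS always,
    and over plain HTTP unless it carries the Secure attribute."""
    if scheme == "https":
        return True
    return not cookie.secure


def looks_like_session(cookie: Cookie) -> bool:
    """Cheap name-based guess at whether a cookie carries a session identifier."""
    lowered = cookie.name.lower()
    return any(hint in lowered for hint in SESSION_NAME_HINTS)


def exposed_session_cookies(headers):
    """Names of session-looking cookies that would travel in cleartext over http://.
    HttpOnly is deliberately ignored: it stops script access, not a wire sniffer."""
    return [
        c.name
        for c in map(parse_set_cookie, headers)
        if looks_like_session(c) and would_send(c, "http")
    ]


# Constructed sample response headers; values are placeholders, not real sessions.
SAMPLE_HEADERS = [
    "PHPSESSID=8f3a2c91; Path=/; HttpOnly",
    "auth_token=abc123; Path=/; Secure; HttpOnly",
    "lang=en; Path=/",
    "user_sid=77e1; Domain=.example.test; Path=/",
]

if __name__ == "__main__":
    for name in exposed_session_cookies(SAMPLE_HEADERS):
        print(f"{name}: sent in cleartext over http://, readable by a sniffer")
```

In the sample, PHPSESSID and user_sid are reported while auth_token is not: the Secure attribute keeps it off plain-HTTP requests, which is the server-side fix for the exposure this document describes. HttpOnly on PHPSESSID makes no difference here, since the sniffer reads the header on the wire rather than through script.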
Installing Ferret and Hamster
These are COMMAND-LINE tools. I haven’t made an install program for them yet, so you have to do this manually.
Unzip the tools, such as into the directory C:\sidejacking.
Ferret is a command-line packet sniffer with typical options. You need to figure out which interface to sniff on, using the “-W” command-line option to list them:
[pic]
In the above screenshot, I want to sniff on wireless, so I would use interface #4.
There is one major problem with the Intel® PRO/Wireless 2200BG: it doesn’t do promiscuous mode. This means that unlike most other wifi adapters, you can’t use it for sidejacking. To get around this, you would need to buy a cheap USB wifi adapter (usually