Session hijacking on lan
Read Time2 Minutes, 21 Seconds

Welcome to hacking a rise I’m the Laughing man in this post is to show you session hijacking wile on LAN when i mean LAN this can be a public network or your own i will be using my home network as i dont wanna brake any laws so the tools need is Ettercap,hamster,ferret (thank god most these are install on Kali Linux whoop whoop were is ferret is installed on kali 32 bit only ) this is a handy way to gain password usernames and credit card info
so now lets move on .

What is session hijacking

session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system.

What is ettercap

Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN. It can be used for computer network protocol analysis and security auditing. It runs on various Unix-like operating systems including Linux, Mac OS X, BSD and Solaris, and on Microsoft Windows.
Find out more

What is hamster

It acts as a proxy server that replaces your cookies with session cookies stolen from somebody else, allowing you to hijack their sessions. Cookies are sniffed using the Ferret program.
Find out more

What is ferret

It grabs session cookies that travel across the LAN. Hamster is a proxy that “manipulates” everything grabbed by Ferret.

installing ferret

So im using a 64 bit os of kali so im going have to install ferret as its not installed on kali 64 bit only 32 bit so open terminal and type dpkg --add -architecture i386 && apt-get update && apt install ferret-sidejack:i386 If you have a 32 version of kali skip this step
Hacking A Rise installferret-226x300 Session hijacking on lan sniffing and spoofing FEATURED Pentesting Tutorials

Starting the attack

So now we can start are attack so go to applications down to sniffing and spoofing
Hacking A Rise Screenshot-from-2019-06-19-16-01-55-300x188 Session hijacking on lan sniffing and spoofing FEATURED Pentesting Tutorials

start ettercap pick the interface you want to use since I’m using WiFi I’m picking wlan0 the go to host and scan for hosts click the host list and add them to target or dont now go to mitm and click arp poisoning and click sniff remote connection
Hacking A Rise Screenshot-from-2019-06-19-16-03-50-300x188 Session hijacking on lan sniffing and spoofing FEATURED Pentesting Tutorials

Now we load up ferret open a terminal and type ferret -i wlan0
Hacking A Rise ferret-300x287 Session hijacking on lan sniffing and spoofing FEATURED Pentesting Tutorials

now open a new terminal and start hamster by just typing hamster
Hacking A Rise hamster-300x127 Session hijacking on lan sniffing and spoofing FEATURED Pentesting Tutorials

Copy the link and pasted it to Firefox
Hacking A Rise firefoxhammster-300x259 Session hijacking on lan sniffing and spoofing FEATURED Pentesting Tutorials

no you see the target to see the cookies click on the ip and it take you to the cookies

Hacking A Rise cookies-o-300x192 Session hijacking on lan sniffing and spoofing FEATURED Pentesting Tutorials

Disclimer

listen to me lads
Hacking a rise dose not take responsibility for any actions or harm inflicted by you as this is purely for educational reasons Two show how easy it is for a hacker to gain your password, usernames , credit card info wile on public networks.

hope you enjoyed this lads gud luck and happy hacking

laughing man

0 0
Hacking A Rise b57300e9e62f2b0295a138eefa166abf?s=400&is-pending-load=1#038;d=mm&r=g Session hijacking on lan sniffing and spoofing FEATURED Pentesting Tutorials   Hacking A Rise b57300e9e62f2b0295a138eefa166abf?s=400&d=mm&r=g Session hijacking on lan sniffing and spoofing FEATURED Pentesting Tutorials

About Post Author

Laughingman

Hi im the laughing man im a pentester and the owner of Hacking a rise
0 %
Happy
0 %
Sad
0 %
Excited
0 %
Angry
0 %
Surprise
pentester
Hi im the laughing man im a pentester and the owner of Hacking a rise

Leave a Reply

Your email address will not be published.