How to Hijack a Session
Session hijacking, also known as cookie hijacking, is the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system.
Disclaimer: Before I go over the steps to do this I’d like to note that attacking someone’s network, computer or website without their permission is illegal in the United States and in most countries. In the U.S. it is technically only illegal when used with malicious intent, hence testing this on your OWN device or on the device of someone who has ALLOWED you is perfectly acceptable and legal. Because of the potential unethical uses, many popular attackers (Anonymous) have either been or currently are in Federal prison. Do not be unethical.
* Kali Linux
* Tools – Ettercap, Ferret and Hamster.
* A target machine.
We need to set up the man-in-the-middle attack with our lucky tools.
Run Ettercap – open a terminal and type “ettercap -G”. This will give us a graphical interface for Ettercap.
Select sniff from the menu then select Unified sniffing.
Select the network interface. Mine is eth0. If you don’t know your default interface, open another terminal and type in “ifconfig”. This will show you your interfaces.
Now from the menu again select “Hosts” and then “Scan for hosts”. It will scan for hosts in the network and give the results under “Hosts list”.
Select all the MAC addresses and add them to “Target 1”.
Select “Mitm” and then “ARP poisoning” from the sub menu.
It will show you an option tab. Make sure the first option, “Sniff remote connections”, is checked. Then start the sniffing process from the Start menu at the top.
Ettercap should be set up correctly. Just minimize it and open a new terminal.
Time to start Ferret – open a new terminal window and type “ferret -i eth0”. Press enter.
Now we want to run Hamster. Open another terminal and type in “hamster”. This will listen on the loopback IP, i.e. 127.0.0.1, and port 1234.
Great, now we will open a browser and in the URL tab enter the loopback IP and port number, i.e. 127.0.0.1:1234, in the browser’s proxy settings. This will open a web interface for Hamster.
Now we need to set the adapters. At the top there is an option called ‘adapters’. Set it to eth0 by clicking on it. After some time, you will get some IP addresses at the bottom of the page. One of them is your target IP address.
I have a Windows machine running in my network, which is my target system. It has been detected, as should yours.
Click on that IP address in the Hamster web interface to see the cookies and sessions. This will be shown after you click on the IP.
Click on a cookie to see what the target is using or doing in the network. You will get a lot of cookies. They are the sessions the target is in. If the target is using chat websites, you can take a peek inside their messages.
You’re done and you have hopefully now successfully hijacked a session and cookies! Don’t you feel smart now?