Session Hijacking with Fern Wifi Cracker

[savioboyz]

Fern Cookie Hijacker is a new feature add in Fern Wifi Cracker 1.45 ,it is a wifi based session hijacking tool able to clone remote online web sessions by sniffing and capturing wireless cookie packets from remote hosts by intercepting reachable wireless signals. It is capable of decrypting WEP encrypted packets on the fly to process session cookies transmitted over the air.





Fern cookie Hijacker comes with smart intergrated code to detect and intercept cookie packets, unlike some cookie detection engines fern cookie hijacker does not wait to collect complete cookie acknowledgement during the initial authentication process, but pulls cookies and associate them with their hosts as they are transmitted over the wireless connection, its also forges to correctness values that are not captured e.g (exipry,isSecure).

Heres a video that demonstrates how it works:

[REMOVED YOUTUBE VIDEO]


The mozilla cookie Sqlite3 database "cookies.sqlite" is no easy task comminucating with, most language api's fail to commmunicate with them due to the fact that mozilla updates their format regularly, this means that and api that is 3.1.5 compliant might not work with a 3.1.6 sqlite database thereby rendering the languages sqlite binding useless at each update..
Communicating with such database returns a deceptive "file is encrypted or is not a database" error. So i search over the internet for a reliable api but i could not find one, so i wrote this generic api by reverse engineering the mozilla firefox program using IDA Pro and OllyDBG,This platform independent api allows commuication with mozillas Sqlite databases by hooking into its DLL or SO objects (libmozsqlite3.so | mozsqlite3.dll) Hooking and using the DLL is important because using the python's sqlite3 library fails to communicate with the cookie database, and also as said earlier firefox changes its database format on each release. This api communicates with the cookie database no matter what changes are made.

API Link:

http://code.google.com/p/fern-wifi-c...cookie_core.py

THIS VIDEO AND SOFTWARE PROGRAM ARE FOR FOR EDUCATIONAL PURPOSES (MITIGATION) ONLY. TESTING IT ON NETWORKS YOU ARE NOT AUTHORIZED TO TEST IS ILLEGAL

[Snayler]

Good work! Thank you for sharing with the community, I admire that.

Cheers and keep it up!

[thad0ctor]

does the cookie hijacker work on just WEP or open networks as well?

[savioboyz]

@snayler - Thank you

@thad0ctor - You can use it on both WEP encrypted networks and open networks

[deviney]

Carnt wait to try this thanks for the release

[voidnecron]

You're making it too easy ;-)

[thad0ctor]

how does the program determine which channel to sniff? can you please make it customizable

[savioboyz]

how does the program determine which channel to sniff? can you please make it customizable

Sorry it took sometime before replying.. I have been having problems logging into my account recently.

@Thad0ctor - The program listens to all channels in promiscuous mode, if a wep key is provided, the program attempts to decrypt all encrypted packets using that provided key

@Deviney -

@voidnecron - I had to make it as easy as possible for people to use .

[aureon]

i was trying to use program when im conected on wpa2 ,and it is working and colecting cookie but in the moment conection break up and comes again ,then colectin stop ,so im asking is there an way to work when im connected on wpa2 ,
or to acess on ap and turn off wpa2 ,when is open connection works good.
thanks

[zimmaro]

after update my FERN
I noticed the presence of the function ethernet.mode (Hijacker in Cookie Hijacker) ....
is wonderful and works perfectly in my little lab ...!
much appreciated!! thanks savioboyz!