Ethical Hacking - NETWORK PENETRATION TESTING(18)

Session Hijacking

What if the user uses the "remember me" feature?

If the user uses this feature the authentication happens using the cookies and not the user and password, So instead of sniffing the password we can sniff the cookies and inject them into our browser, this will allow us to login to the user's account without using the password.

apt-get install ferret-sidejack

ferret -i [INTERFACE]

hamster

 

 

 

Start the hamster

 

 It  works.

 

 You can get the cookies on the victim PC and login in as the authorized user.

....