Ethical Hacking - NETWORK PENETRATION TESTING(18)
Session Hijacking
What if the user uses the "remember me" feature?
If the user uses this feature the authentication happens using the cookies and not the user and password, So instead of sniffing the password we can sniff the cookies and inject them into our browser, this will allow us to login to the user's account without using the password.
apt-get install ferret-sidejack
![](https://img2018.cnblogs.com/blog/347404/201912/347404-20191208200003721-2073867470.png)
ferret -i [INTERFACE]
hamster
Start the hamster
It works.
You can get the cookies on the victim PC and login in as the authorized user.
....
相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。