Backtrack Series – 12: Session Hijacking for Secure Websites
In this tutorial we will hijack a live session so that we can have the same priviliges of the account without having any information about the username and password. We will start by redirecting the secure traffic to an insecure server using SSLStrip, next we use ferret to extract cookies from the traffic and then we will use hamster to inject the cookies in the browser
For more information, please check:
Duration : 0:5:39
Incoming search terms for the article:
- backtrack facebook
- wifizoo tutorial
- facebook session hijacking
- backtrack cookie
- session hijacking facebook
- facebook session hijack
- backtrack sslstrip
- facebook backtrack
- session hijacking backtrack
- Session hijacking backtrack 4
4 Responses to “Backtrack Series – 12: Session Hijacking for Secure Websites”
Leave a Reply
|
Thnx for your reply …
Thnx for your reply
1- I didn’t try wifizoo before. But the aim of my tutorials is to provide more than one approach for the same problem, as some people told me that wifizoo didn’t work for them
2- grep for what? Cookie hijacking is not about getting the username and password. It’s rather about fooling the server into thinking that you are the one who logged to the server, without even providing any username and password.
Why ferret and …
)
Why ferret and hamster? I thought wifizoo was able to do both of this (I’m probably wrong
Also I normally log everything I capture to a file and then grep what I want. I don’t see any advantages to using cookies, care to explain please? Very good video!
is the rouge ap …
is the rouge ap step necessary? or is it just to show a way of getting on the same network as the victim?
also i noticed you have ettercap running, your just using that with sslstrip right?
excellent video! …
excellent video! please make more! There is so little information out there THIS CLEAR about backtrack and all its features.
Thumbs up!