"Hamster is a tool for HTTP session hijacking with passive sniffing. It eavesdrops on a network, captures the session cookies, then imports them into the browser to allow you to hijack their session. There is a more complete description in the
help section."
These tools make a great addition when performing the MITM attack I demonstrated in the SSLStrip video.
So say we got everything setup like we did in the video, we can fire these up by going to the directory they're installed in (which is /pentest/sniffers/hamster/ for BT4) then start up ferret like so "./ferret -i wlan0"
Then you can start hamster next with "./hamster" then open your browser of choice and set the proxy to "127.0.0.1 : 1234" like it says. Type hamster in the url, select your interface and there you go. Easy as that.
Download these tools with apt-get install hamster or download here
No comments:
Post a Comment