thefatmoop Posted December 11, 2008 Posted December 11, 2008 So recently I installed a windows virtual machine just to play around with o.o I was able to get hamster and ferret to work seemingly fine. On the left side though on the "instances" whenever I click on ANY of the links /sessions/cookies it asks me to save a file... how do i get into my open gmail account? Quote
H@L0_F00 Posted December 11, 2008 Posted December 11, 2008 So recently I installed a windows virtual machine just to play around with o.o I was able to get hamster and ferret to work seemingly fine. On the left side though on the "instances" whenever I click on ANY of the links /sessions/cookies it asks me to save a file... how do i get into my open gmail account? moving this to the Jasager forum would probably get you more help Quote
digip Posted December 11, 2008 Posted December 11, 2008 moving this to the Jasager forum would probably get you more help hamster and ferret are not parts of the Jasagar, although, I can see where you are going with this. They can be used stand alone with any other programs that allow you to sniff traffic of another user. I personally use cain forwindows in combo with them to establish a MITM to get them to see all the traffic. As for clicking on session cookies links themselves, you should only need to click the links that go the the site itself, as hamster and ferret will do the rest to log you in and send the cookie from your pc to the site. I never got any links to try to send me a file while using it. Maybe don't click on the links that have /session/cookies in them, as it could be trying to send you the cookie itself. Instead, just click any link to google or gmail on that left side of the menu once you have logged into gmail on one of the mahcines hamster and ferret are monitoring. They can see the login cookies during the session but not sure what will happen under an https session. If google sends the cookies in the clear at some point of the session, then you should be able to login no problem. Quote
thefatmoop Posted December 11, 2008 Author Posted December 11, 2008 that's interesting. Maybe it's firefox3 because I set up the proxy, and i saw that both programs were getting cookies. I just have absolutely no luck with cookie programs lol WifiZoo never worked for me Quote
digip Posted December 12, 2008 Posted December 12, 2008 that's interesting. Maybe it's firefox3 because I set up the proxy, and i saw that both programs were getting cookies. I just have absolutely no luck with cookie programs lol WifiZoo never worked for me Maybe you just don't have everything set up right?? Quote
Machstorm Posted December 12, 2008 Posted December 12, 2008 Does anyone know if a hamster and Ferret program exist for Linux? I tried to do a search for such, but with no success. Quote
digip Posted December 12, 2008 Posted December 12, 2008 Does anyone know if a hamster and Ferret program exist for Linux? I tried to do a search for such, but with no success. Nope. Try Wifizoo. Quote
thefatmoop Posted December 12, 2008 Author Posted December 12, 2008 yeah wifizoo is basically same thing only no mitm.. rather u need network card compatible to go into monitor mode $iwconfig iface mode monitor as for hamtaro i'll try it with using something other than ferret to mitm (i'm also doing all this inside a VM with bridged networking) Quote
digip Posted December 13, 2008 Posted December 13, 2008 Something I found but havent tried for linux: http://code.google.com/p/surfjack/ Might be of use to somebody looking to try hamster and ferret, but are on linux and need an alternative. Quote
runkittyrun Posted December 14, 2008 Posted December 14, 2008 i belive the cookies + the IP address the connection is coming from is compared by the servers, so say you got a valid cookie with wifizoo from someone conencted to AP other than your own then used that cookie to connect threw your connection with different IP it won't match, after getting the cookies with wifizoo did you switch out monitor mode and conenct to the AP? Quote
thefatmoop Posted December 15, 2008 Author Posted December 15, 2008 wifizoo: No, I was never able to see anything other than APs / clients... My network card was in monitor mode. I really think it's my wifi card, so i'm going to try a different one that is supported. i bet ur right on the part where if u grab cookies and use a different internet ip the cookies prob won't work. as for hamster i'll try using it with cain as the mitm. Quote
digip Posted December 15, 2008 Posted December 15, 2008 wifizoo: No, I was never able to see anything other than APs / clients... My network card was in monitor mode. I really think it's my wifi card, so i'm going to try a different one that is supported. i bet ur right on the part where if u grab cookies and use a different internet ip the cookies prob won't work. as for hamster i'll try using it with cain as the mitm. Ferret doesn't do MITM. If you are using cain, you still need Ferret and Hamster running together. One creates the log file for the other to work from. Cain just make sit so Ferret can see the cookies and write them, while hamster does the proxy for yoru browser and the session hijack. Quote
DingleBerries Posted December 17, 2008 Posted December 17, 2008 Python keeps complaining about "con.fig" not defined or something so i gave up.. also couldnt find scap.py, wasnt sure if it was in the scapy source.. Maybe a nice person will upload a good copy of it, i can edit the device and what not. Quote
thefatmoop Posted December 18, 2008 Author Posted December 18, 2008 what program are you talking about? wifizoo, surfjack, or hamtaro? Quote
DingleBerries Posted December 18, 2008 Posted December 18, 2008 what program are you talking about? wifizoo, surfjack, or hamtaro? wifizoo Quote
thefatmoop Posted December 20, 2008 Author Posted December 20, 2008 wifizoo use backtrack for starters Quote
DingleBerries Posted December 20, 2008 Posted December 20, 2008 use backtrack for starters lol you just gave me a good idea, im just going to boot into it and copy the script there :P.. didnt think about that. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.