The Game Posted October 7, 2009 Share Posted October 7, 2009 Ive just started using network hacking tools such as cain to do ARP Poisining & nmap/wireshark for scanning and sniffing so this question might be and easy answer Ive been using Ferret & Hamster to sidejack cookies and steal sessions on my home network, ive browsed to Facebook, Gmail, Steam Games website, Ebay etc and so far the only ones that work are - Face book - Steam Powered - Gmail Why doesn't Ebay & MySpace work? MySpace doesn't have any SSL on it at all from what i can see, Ebay has an SSL login but the pages after that use some sort of .dll in the page header. Is there something different that these sites do that stop me from side jacking them ? Also tried Cain to sniff passwords but they dont appear in cleartext and i cant send them to the cracker im assuming because they are passwords actually on the internet and not on my home network ? Quote Link to comment Share on other sites More sharing options...
knoppy Posted October 7, 2009 Share Posted October 7, 2009 Hi Game Im so sorry , im just curious about something and i wanted to ask you , I have ferret and hamster running everything looks fine , Expect when i click on the cloned ip via hamsters console the pages it wont load up . is there any other settings or configuration that i need to take note off . Please advise bro Once again sorry Quote Link to comment Share on other sites More sharing options...
The Game Posted October 8, 2009 Author Share Posted October 8, 2009 Once you set your proxy up as 127.0.0.1 and your hamster.txt file is being populated with cookie data you should see all those cookies in hamster under an IP. Refresh the page every 1min or so and they will update with new cookies that IP has been visiting. You need to look for the right cookie. Gmail is http://mail.google.com/mail or something like that Steam Games is https://store.steampowered.com/login/ even tho its HTTPS its not secure on the other side so its vulnerable Or... https://addons.mozilla.org/en-US/firefox/addon/13793 is a great cookie editor. Open Hamster.txt and find the login cookie for a website and recreate it in the cookie editor, and you should be able to steal the session that way. You need to test it with someone just going to one website, so you can learn what to look for and what cookies you need. I found it works best when you capture someones cookies right from when they login instead of halfway through. Going back to my question Myspace & Hotmail are causing me some problems, i can get the hotmail cookie to save the email address but it still asks me for a password to login, is there some cookie that i need to use in conjunction with the login cookie? Or a browser issue ie me on firefox and my pc on IE ? Any help would be much appreciated as ive been testing this for days with my laptop and my home pc right next to each other and still cant get it to work. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.