Jump to content

Side jacking - Ferret & Hamster


The Game
 Share

Recommended Posts

Ive just started using network hacking tools such as cain to do ARP Poisining & nmap/wireshark for scanning and sniffing so this question might be and easy answer

Ive been using Ferret & Hamster to sidejack cookies and steal sessions on my home network, ive browsed to Facebook, Gmail, Steam Games website, Ebay etc and so far the only ones that work are

- Face book

- Steam Powered

- Gmail

Why doesn't Ebay & MySpace work? MySpace doesn't have any SSL on it at all from what i can see, Ebay has an SSL login but the pages after that use some sort of .dll in the page header. Is there something different that these sites do that stop me from side jacking them ?

Also tried Cain to sniff passwords but they dont appear in cleartext and i cant send them to the cracker im assuming because they are passwords actually on the internet and not on my home network ?

Link to comment
Share on other sites

Hi Game

Im so sorry , im just curious about something and i wanted to ask you , I have ferret and hamster running everything looks fine , Expect when i click on the cloned ip via hamsters console the pages it wont load up . is there any other settings or configuration that i need to take note off . Please advise bro

Once again sorry

Link to comment
Share on other sites

Once you set your proxy up as 127.0.0.1 and your hamster.txt file is being populated with cookie data you should see all those cookies in hamster under an IP. Refresh the page every 1min or so and they will update with new cookies that IP has been visiting.

You need to look for the right cookie.

Gmail is http://mail.google.com/mail or something like that

Steam Games is https://store.steampowered.com/login/ even tho its HTTPS its not secure on the other side so its vulnerable

Or... https://addons.mozilla.org/en-US/firefox/addon/13793 is a great cookie editor.

Open Hamster.txt and find the login cookie for a website and recreate it in the cookie editor, and you should be able to steal the session that way. You need to test it with someone just going to one website, so you can learn what to look for and what cookies you need. I found it works best when you capture someones cookies right from when they login instead of halfway through.

Going back to my question :rolleyes:

Myspace & Hotmail are causing me some problems, i can get the hotmail cookie to save the email address but it still asks me for a password to login, is there some cookie that i need to use in conjunction with the login cookie? Or a browser issue ie me on firefox and my pc on IE ?

Any help would be much appreciated as ive been testing this for days with my laptop and my home pc right next to each other and still cant get it to work.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...