troy7548 Posted November 19, 2009 Share Posted November 19, 2009 So I have just started to play around whith Ferret and Hamster I got it up and running. I tested it using my Laptop running windows 7, I started Ferret and went on the net and then started hamster then opened a second firefox session and it worked I could sidejack my traffic. The Problem I am running into is when I went to test this with a differnt laptop. I started up Ferret and then started the other laptop connected to the internet and browsed around. I then started hamster and opened the hamster web gui but I can not sidejack the other laptop but I saw the IP in ferret on my laptop when laptop 2 connected to the network. I have a couple of guesses of what it could be but I am not positive. 1. My laptop is 32bit running win 7 and the other one that I was trying to sidejack was 64bit running Vista (maybe it dosn't work with 64bit)? 2. My internal wireless card is a Intel card not sure on the model no. (as I am at work) and I don't think it has Atheros chipset. Anyone with some input would be most appreciated. P.S. I just tried wireshark and in the Interfaces section it lists 2 one just says Microsoft and I think it is the wireless card but in the details part it says ethernet I think. Quote Link to comment Share on other sites More sharing options...
easycheese13 Posted November 25, 2009 Share Posted November 25, 2009 So I have just started to play around whith Ferret and Hamster I got it up and running. I tested it using my Laptop running windows 7, I started Ferret and went on the net and then started hamster then opened a second firefox session and it worked I could sidejack my traffic. The Problem I am running into is when I went to test this with a differnt laptop. I started up Ferret and then started the other laptop connected to the internet and browsed around. I then started hamster and opened the hamster web gui but I can not sidejack the other laptop but I saw the IP in ferret on my laptop when laptop 2 connected to the network. I have a couple of guesses of what it could be but I am not positive. 1. My laptop is 32bit running win 7 and the other one that I was trying to sidejack was 64bit running Vista (maybe it dosn't work with 64bit)? 2. My internal wireless card is a Intel card not sure on the model no. (as I am at work) and I don't think it has Atheros chipset. Anyone with some input would be most appreciated. P.S. I just tried wireshark and in the Interfaces section it lists 2 one just says Microsoft and I think it is the wireless card but in the details part it says ethernet I think. My First Suggestion would be to run wireshark on the 32bit Machine, and then browse the net on the 64Bit machine. Can you see the traffic? Probally not. What i have noticed and i could be way off basics but the fact is that the traffic from the other machine is not blasted through the hole network and your not gonna be able to see it. If the machine your trying to see traffic from is on the wired side and your on wireless, or your both wired into the AP, then your just not going to see the traffic. I would suggest first either MITM the 64 bit machine then fire up hamster and ferret you will have better luck. Quote Link to comment Share on other sites More sharing options...
digip Posted November 25, 2009 Share Posted November 25, 2009 Cain can get the ball rolling for MITM, then let hamster and ferret do their job once you have the MITM going. Without a MITM first, you would need to be connected to a Hub to see all the traffic, and I don't think anyone is running Hubs these days in their homes or office. Routers/switches are going to send traffic only to specific addresses once they learn all the mac addresses of the devices on the network. Wireless on the other hand is different, but windows won't see all the traffic the same way Linux can in monitor mode. You would need special drivers for certain cards under windows that can do monitor mode, and there aren't that many out there that have them specifically for windows. Quote Link to comment Share on other sites More sharing options...
Ingo Posted November 26, 2009 Share Posted November 26, 2009 The reason is basicly the fact that your other latpots connection isn't going through your primary laptop (which has ferret & hamster running) so obviously they can't sniff cookies from it, I suggest you try ARP cache poisoning between your router and your target machine. Arpspoof works fine. Also BackTrack4 has all programs above (hamster, ferret and arpspoof) Hope this helped, happy hacking. Quote Link to comment Share on other sites More sharing options...
EPSILON Posted December 4, 2009 Share Posted December 4, 2009 So I have just started to play around whith Ferret and Hamster I got it up and running. I tested it using my Laptop running windows 7, I started Ferret and went on the net and then started hamster then opened a second firefox session and it worked I could sidejack my traffic. The Problem I am running into is when I went to test this with a differnt laptop. I started up Ferret and then started the other laptop connected to the internet and browsed around. I then started hamster and opened the hamster web gui but I can not sidejack the other laptop but I saw the IP in ferret on my laptop when laptop 2 connected to the network. I have a couple of guesses of what it could be but I am not positive. 1. My laptop is 32bit running win 7 and the other one that I was trying to sidejack was 64bit running Vista (maybe it dosn't work with 64bit)? 2. My internal wireless card is a Intel card not sure on the model no. (as I am at work) and I don't think it has Atheros chipset. Anyone with some input would be most appreciated. P.S. I just tried wireshark and in the Interfaces section it lists 2 one just says Microsoft and I think it is the wireless card but in the details part it says ethernet I think. A MITM attack is needed if you want to see traffic of the second laptop. Since you are using Windows 7, you could use CAIN (http://www.oxid.it) or Ettercap-NG for windows (http://sourceforge.net/projects/ettercap/). First one is easyer to use, but if you decide to use ettercap, you will have to disable IPV6 and DEP before starting the attack (ettercap will crash if you don't do it). Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.