Ethical Hacking: Hacker Tools for Hijacking a Session
Transcription
When I’m looking to actually commit a session hijacking attack, I want to use as many pre-made tools as I possibly can because that makes my life easier, and makes my job much faster and more efficient. Typically, I’ll look to run vulnerability scanning tools against the server to find out whether any of the automated tools (and there are several, Metasploit probably being the biggest one), whether there are any known vulnerabilities in the web server that allow session hijacking. I’ll also potentially try to infect the client with browser-based malware or system-based malware that will allow me to hijack a session, allow me to steal cookies automatically, or just grab sessions midstream. It will possibly allow me to install a root certificate so I can make it look like there’s an SSL connection going on, when it’s actually an SSL that’s proxied by my nefarious proxy in the middle.
Middle Proxy Tools
There are a number of different man-in-the-middle proxy tools. Most of them concentrate on being able to get man-in-the-middle through a proxy, and then modify the data, or just sniff. Sniffing is certainly the easiest and most straightforward, and oftentimes gives you everything you need. There are many websites and many apps that actually establish some type of secure connection, and then transmit a lot of data in the clear that you can use later for attacks.
Social Engineering
Finally, we have social engineering. Shoulder surfing or asking someone to send you a URL for a site that they’re visiting are the kinds of things that play into this type of attack well. Redirecting someone to a website that can install some of this client-side malware for you can also work. This makes your job a lot easier.
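On the defensive side, the sniffing case described under Middle Proxy Tools (a secure connection is established, then session data travels in the clear) can be checked for by auditing how a site issues its session cookies. The following is an added example, not part of the original transcript: the function names, the session-name hint list and the sample headers are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: (response URL, Set-Cookie header value) pairs.
SAMPLE = [
    ("https://shop.example/login", "SESSIONID=constructed123; Path=/; HttpOnly"),
    ("https://shop.example/login", "theme=dark; Path=/"),
    ("http://shop.example/cart", "SESSIONID=constructed123; Path=/"),
    ("https://shop.example/account",
     "SESSIONID=constructed456; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

# Assumption: cookie names containing these substrings carry session state.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit(url, set_cookie):
    """Return (cookie name, findings) for one Set-Cookie header."""
    name, attrs = parse_set_cookie(set_cookie)
    findings = []
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return name, findings  # not session-bearing, nothing to flag
    if urlsplit(url).scheme != "https":
        findings.append("set over cleartext HTTP")
    if "secure" not in attrs:  # without it the browser also sends it over HTTP
        findings.append("missing Secure")
    if "httponly" not in attrs:  # without it page scripts can read the cookie
        findings.append("missing HttpOnly")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("missing SameSite=Lax/Strict")
    return name, findings


def audit_all(pairs):
    """Return only the headers that produced findings, keyed by URL."""
    results = [(url, *audit(url, header)) for url, header in pairs]
    return [(url, name, f) for url, name, f in results if f]


if __name__ == "__main__":
    for url, name, findings in audit_all(SAMPLE):
        print(f"{url}  {name}: {', '.join(findings)}")
```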