• 26,769
  • +1,026
  • 3,010
Session Hijacking Using Hamster and Ferret

Session Hijacking Using Hamster and Ferret

Bookmark

This Session Hijacking Using Hamster and Ferret is another side of session hijacking. Previously I have already write how to do session hijacking in my other page about Firesheep HTTP Session Hijacking Tools that tools running on Mac OS.X and Windows Environment. Below I will use Hamster sidejacking in Linux. Hamster also available in Windows as a binary.

HTTP Session Hijacking

HTTP session hijacking is where the hacker grabs your “session cookies”. Your session with the web server is identified with a unique cookie. This cookie is sent to your browser at the start of the session, and your browser echos it back from that point forward.

Ferret

This tools use to grab session cookies, running in the background process to capturing session cookies that pass the network at port 80.

Hamster

This tools work as a proxy server to manipulate every data that has been grabbed by Ferret.

Todo

1. You need to download Hamster.

mediafire.com

2. Download, extract and build your hamster.

Go to hamster/build/gcc4/ folder and run make command(see picture below).

Session Hijacking Using Hamster and Ferret

In your bin folder there should be a new hamster application.

Now, you also need to build your ferret(if you using Backtrack 5 R1 it’s already inside /pentest/sniffers/hamster/).

Go to ferret/build/gcc4/ folder and run make command(do the same with above step). In your bin folder there should be a new ferret application.

Copy your ferret and put together with hamster(see picture below).

Session Sidejacking Using Hamster and Ferret

That’s it how to build your hamster and ferret, now we will continue to the next step to set up the application to do sidejacking.

 

3. Hamster also work in wireless interface so you can choose which interface you will capture.

4. Running Hamster with command ./hamster on the terminal where Hamster located.

Session Hijacking Using Hamster and Ferret

5. Open your browser and open http://127.0.0.1:1234.

Session Hijacking Using Hamster and Ferret

6. This is how Hamster looks like and you need to configure the network adapter. Click the adapter menu to choose network adapter.

7. In this page you should determine which adapter you will use to sniff the network. You can use ifconfig command to know your network adapter (example : wlan0 –> for wireless).

Session Hijacking Using Hamster and Ferret

8. After you submit the query, now Ferret working in the background and capturing every cookie that pass the network adapter. When it’s success, just click the link on the left side to view the page as others.

Session Hijacking Using Hamster and Ferret

That’s it. I hope you can use this tutorials in a good way ๐Ÿ™‚ if any question, you can contact me or drop some comment.

Share this article if you found this post was useful:

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

See all posts by || Visit Website : http://www.vishnuvalentino.com

  • TheObserver

    Hello ,
    ur Amazing but the Website: http://hamster.erratasec.com/help/index.html
    How to Build a Hamster is down , can u reupp the tutorial i thank u.
    And hope u will never stop to explain things like that ๐Ÿ™‚

    • v4L

      #TheObserver
      Em actually I’m forget too how to rebuild it..LoL, but maybe you can try
      make install

  • Name

    I can't download the OS X version and I also cannot view the How to Build.

    • v4L

      #Name
      maybe the website down…

  • v4L

    #all

    I already update the tutorial, please see it about how to build hamster and also the download link for hamster.

  • RK

    if i want to hijack a person cookie who is in other country than ?

  • plagiator

    Joseph Muniz is the author of your tutorial, you just copied the content from his book ‘Web Penetration Testing With Kali Linux’…

    • v4L

      @plagiator
      I hope the people you describe in your comment is writing his book 5 years ago ๐Ÿ™‚ because I wrote this tutorial 4 years ago… ๐Ÿ™‚

  • Clickeh

    ferret gives me a fatal error please help.

    gcc -g -I. -I../../src -I../../src/include -DSTATICPCAP -Wall -c ../../src/module/pcaplive.c -o ../../tmp/pcaplive.o
    In file included from ../../src/module/pcaplive.c:26:0:
    ../../src/module/pcaplive.h:13:18: fatal error: pcap.h: No such file or directory
    #include
    ^
    compilation terminated.
    Makefile:19: recipe for target ‘../../tmp/pcaplive.o’ failed
    make: *** [../../tmp/pcaplive.o] Error 1