Session Hijacking

What if the user uses the "remember me" feature?

If the user uses this feature the authentication happens using the cookies and not the user and password, So instead of sniffing the password we can sniff the cookies and inject them into our browser, this will allow us to login to the user's account without using the password.

apt-get install ferret-sidejack


ferret -i [INTERFACE]

hamster

Start the hamster

It  works.

You can get the cookies on the victim PC and login in as the authorized user.

....

Ethical Hacking - NETWORK PENETRATION TESTING(18)的更多相关文章

  1. Ethical Hacking - NETWORK PENETRATION TESTING(15)

    ARP Poisoning - arpspoof Arpspoof is a tool part of a suit called dsniff, which contains a number of ...

  2. Ethical Hacking - NETWORK PENETRATION TESTING(22)

    MITM - Wireshark WIreshark is a network protocol analyser that is designed to help network administa ...

  3. Ethical Hacking - NETWORK PENETRATION TESTING(14)

    MITM - ARP Poisoning Theory Man In The Middle Attacks - ARP Poisoning This is one of the most danger ...

  4. Ethical Hacking - NETWORK PENETRATION TESTING(13)

    Nmap Nmap is a network discovery tool that can be used to gather detailed information about any clie ...

  5. Ethical Hacking - NETWORK PENETRATION TESTING(12)

    Post Connection Attacks Sophisticated attacks that can be used after connecting to the target AP. Ga ...

  6. Ethical Hacking - NETWORK PENETRATION TESTING(11)

    Securing your Network From the Above Attacks. Now that we know how to test the security of all known ...

  7. Ethical Hacking - NETWORK PENETRATION TESTING(10)

    WPA Craking WPA was designed to address the issues in WEP and provide better encryption. The main is ...

  8. Ethical Hacking - NETWORK PENETRATION TESTING(8)

    WEP Cracking Basic case Run airdump-ng to log all traffic from the target network. airodump-ng --cha ...

  9. Ethical Hacking - NETWORK PENETRATION TESTING(7)

    Gaining Access to encrypted networks Three main encryption types: 1. WEP 2.WPA 3.WPA2 WEP Cracking W ...

随机推荐

  1. 10 种常用 Matplotlib 图的 Python 代码

    前言 本文的文字及图片来源于网络,仅供学习.交流使用,不具有任何商业用途,版权归原作者所有,如有问题请及时联系我们以作处理. 喜欢的朋友欢迎关注小编,除了分享技术文章之外还有很多福利,私信“资料”可以 ...

  2. 一文带你了解Redis持久化完整版本

    本文讲解知识点 持久化的简介 RDB AOF RDB与AOF的区别 持久化应用场景 对于持久化这个功能点,其实很简单没有那么复杂 演示环境 centos7.0 redis4.0 redis存放目录:/ ...

  3. Redis快照原理详解

    本文对Redis快照的实现过程进行介绍,了解Redis快照实现过程对Redis管理很有帮助. Redis默认会将快照文件存储在Redis当前进程的工作目录中的dump.rdb文件中,可以通过配置dir ...

  4. 13.DRF-版本

    Django rest framework源码分析(4)----版本 版本 新建一个工程Myproject和一个app名为api (1)api/models.py from django.db imp ...

  5. 不同类型数据库中LIKE语句使用

    不同数据库的LIKE语句使用略有差别,这里记录一下: Oracle数据库: SELECT *FROM userWHEREname LIKE CONCAT('%',#{name},'%')或SELECT ...

  6. SpringCloud 入门(三)

    前文我们介绍了简单的创建一个客户端,并介绍了它是如何提供服务的,接下来介绍它的另外一个组件:zuul. zuul 提供了微服务的网关功能,通过它提供的接口,可以转发不同的服务,可以当作一个中转站. 搭 ...

  7. Refresh Java

    当你的知识来源于实践, 你可能会忽略很多细节. 当你的知识来源于阅读, 你可能会很快的忘掉. 那么, 不如在空闲之余, 浏览一遍, 把觉得有必要的记录下来, 也便于以后温故而知新, 何乐而不为呢? 于 ...

  8. laravel --- composer install之后,项目没有vender目录

    composer install之后,项目没有vender目录 1. 原因一:PHP版本过低 PHP版本需要7.1以上,目前使用的是7.0.23

  9. Markdown语法说明及测试一览表

    标题: Markdown语法说明及测试一览表 作者: 梦幻之心星 347369787@QQ.com 标签: [Markdown, Typora, Markdown_Nice, CSS] 目录: [Ma ...

  10. 暑假集训日记Day xx

    Day 1 6.23 今天算是第一天吧 (毕竟昨天被迫做了半天苦力) 充实而丰满的一天:上午做题 下午讲题 晚上改错(考试是原题和我会做有什么关系吗) 早起跑操还阔以(比之前距离短就很快乐) 然后练了 ...