Session Hijacking
What if the user uses the "remember me" feature?
If the user uses this feature the authentication happens using the cookies and not the user and password, So instead of sniffing the password we can sniff the cookies and inject them into our browser, this will allow us to login to the user's account without using the password.
apt-get install ferret-sidejack
ferret -i [INTERFACE]
hamster
Start the hamster
It works.
You can get the cookies on the victim PC and login in as the authorized user.
….
手机扫一扫
移动阅读更方便
你可能感兴趣的文章