Ethical Hacking - NETWORK PENETRATION TESTING(18)
阅读原文时间:2023年07月10日阅读:1

Session Hijacking

What if the user uses the "remember me" feature?

If the user uses this feature the authentication happens using the cookies and not the user and password, So instead of sniffing the password we can sniff the cookies and inject them into our browser, this will allow us to login to the user's account without using the password.

apt-get install ferret-sidejack

ferret -i [INTERFACE]

hamster

Start the hamster

It  works.

You can get the cookies on the victim PC and login in as the authorized user.

….

手机扫一扫

移动阅读更方便

阿里云服务器
腾讯云服务器
七牛云服务器