RUVIDEO
Поделитесь видео 🙏

11.3 Session hijacking tools

📁 Обучение 👁️ 18 📅 05.12.2023

11.3 Session hijacking tools
Module11 – Session Hijacking, Section 11.3 Tools.
Session hijacking tools
• Burp Suite
• OWASP ZAProxy
• Cain and Abel
• Hamster and Ferret
• JHijack
• Ettercap
• Dsniff
• Telerik Fiddler
• Firesheep
• CookieCatcher
• TamperIE
• PerJack
• Surf Jack
• Juggernaut
• Cookie Cadger
• Charles Proxy
Burp Suite or Burp is a graphical tool for testing security of Web applications.
• The tool is written in Java and developed by PortSwigger
• Its part of Kali Tools
OWASP Zed Attack Proxy (ZAP) is most popular free security tool, which automatically find security vulnerabilities in your web applications while you are developing and testing your applications.
• Its also a great tool for experienced pentesting and security testing.
Hamster is a tool for “sidejacking” and is available in Kali Linux by default.
• It acts as a proxy server that replaces cookies with session cookies stolen from somebody else, allowing you to hijack their sessions.
• Cookies are sniffed using the Ferret program which is also available by default in Kali Linux.
A Java Hijacking tool for web application session security assessment.
A simple Java Fuzzer that can mainly be used for numeric session hijacking and parameter enumeration.
Latest version /2015 released un der GNU GPLv2

http://ettercap.github.io/ettercap/
Ettercap is a comprehensive suite for man in the middle attacks.
It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
It supports active and passive dissection of many protocols and includes many features for network and host analysis.
The latest Ettercap release is: 0.8.2-Ferri, Released in 2015
dsniff is a collection of tools for network auditing and penetration testing.
dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
Dsniff is written by Dug Song and stable release is 2.3 release in 2000
https://www.monkey.org/~dugsong/dsniff/
Telerik Fiddler
The free web debugging proxy for any browser, system or platform
Web Debugging, HTTP/HTTPS traffic recording, Web Application testing, Performance testing, Web session manipulation
Fiddler is an HTTP debugging proxy server application written by Eric Lawrence.
- Fiddler captures HTTP and HTTPS traffic and logs it for the user to implement man-in-the-middle interception using self-signed certificates.
- Fiddler can also be used to modify HTTP traffic for troubleshooting purposes as it is being sent or received.
Firesheep is Firefox extension that uses a packet sniffer to intercept unencrypted session cookies from websites
– The plugin eavesdrops on Wi-Fi communications, listening for session cookies. Detects a session cookie and capture session id
– The collected identities are displayed in a side bar in Firefox and by clicking on a victim's name, the victim's session is taken over by the attacker.
– CookieCatcher is an open source application exploits XSS (Cross Site Scripting) vulnerabilities within web applications to steal user session IDs (aka Session Hijacking).
– https://github.com/DisK0nn3cT/CookieCatcher
TamperIE is a simple Internet Explorer Browser Helper Object which allows lightweight tampering of HTTP requests from Internet Explorer 5 and above.
https://packetstormsecurity.com/files/86809/
PerJack is a TCP Session Hijack tool written in Perl. It does a man-in-the-middle attack, displays all active sessions and takes over the selected TCP session.
Surf Jack - https://github.com/EnableSecurity/surfjack –
It is able to hijack the cookie for various sites (some of which make use of HTTPS) and allows the tester to login as the victim.
Juggernaut is a network sniffer used for session hijacking. It runs on Linux versions only.
Beyond Security offers networking testing tools and vulnerability scanner
Charles Proxy
Charles Web Debugging Proxy is a cross-platform HTTP debugging proxy server application written in Java.
View HTTP, HTTPS, HTTP/2 and enabled TCP port traffic including HTTP headers and metadata (e.g. cookies, caching and encoding information)
Stable release 4.2 / 2017
Features
• Network message analysis
• XML, JSON, SOAP interpretation.
• HTML, CSS, JavaScript viewers
• SSL debugging.
• Bandwidth throttling
• Flash development aids.
• Debugging HTTP connections from mobile devices
• Remote file debugging
• Debugging aids.
• Validation function.
DroidSheep is an android tool for web session hijacking (sidejacking) captures session id by listening to the wireless conversations.
– The apk was made available on Google Play but it has been taken down by Google.

Что делает видео по-настоящему запоминающимся? Наверное, та самая атмосфера, которая заставляет забыть о времени. Когда вы заходите на RUVIDEO, чтобы посмотреть онлайн «11.3 Session hijacking tools», вы рассчитываете на нечто большее, чем просто загрузку плеера. И мы это понимаем. Контент такого уровня заслуживает того, чтобы его смотрели в HD 1080, без дрожания картинки и бесконечного буферизации.

Честно говоря, Rutube сегодня — это кладезь уникальных находок, которые часто теряются в общем шуме. Мы же вытаскиваем на поверхность самое интересное. Будь то динамичный экшн, глубокий разбор темы от любимого автора или просто уютное видео для настроения — всё это доступно здесь бесплатно и без лишних формальностей. Никаких «заполните анкету, чтобы продолжить». Только вы, ваш экран и качественный поток.

Если вас зацепило это видео, не забудьте взглянуть на похожие материалы в блоке справа. Мы откалибровали наши алгоритмы так, чтобы они подбирали контент не просто «по тегам», а по настроению и смыслу. Ведь в конечном итоге, онлайн-кинотеатр — это не склад файлов, а место, где каждый вечер можно найти свою историю. Приятного вам отдыха на RUVIDEO!

Видео взято из открытых источников Rutube. Если вы правообладатель, обратитесь к первоисточнику.