11.3 Session Hijacking Tools

The document discusses session hijacking tools including Burp Suite, Firesheep, CookieCatcher, Cain and Abel, and DroidSheep. Firesheep is a Firefox extension that intercepts unencrypted session cookies for websites. CookieCatcher is an open source tool that uses XSS vulnerabilities to steal user session IDs. DroidSheep is an Android tool that captures session IDs by listening to wireless conversations.

Uploaded by

Christopher Agbagba

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (1 vote)

736 views

11.3 Session Hijacking Tools

Uploaded by

Christopher Agbagba

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 20

CBTU presents Ethical Hacker training course based on

Module 11: Session hijacking

Section 11.3 : Session hijacking tools

Note: All the logos, trademarks are copyrights of the respective companies. CEH is the trademark of EC-Council (www.eccouncil.org).
Caution: Ethical Hacker course is for educational purpose only and NOT to be used for unethical, illegal and malicious
activities. All over the world Cyber Laws enforce strict punishments for violation of ethics, gaining unauthorized access to
any computer system/network and related illegal activities.
Session hijacking tools
• Burp Suite • Firesheep
• OWASP ZAProxy • CookieCatcher
• Cain and Abel • TamperIE
• Hamster and Ferret • PerJack
• JHijack • Surf Jack
• Ettercap • Juggernaut
• Dsniff • Cookie Cadger
• Telerik Fiddler • Charles Proxy
Firesheep
Firesheep is Firefox extension that uses a packet
sniffer to intercept unencrypted session cookies
from websites
– The plugin eavesdrops on Wi-Fi communications,
listening for session cookies. Detects a session cookie
and capture session id
– The collected identities are displayed in a side bar in
Firefox and by clicking on a victim's name, the victim's
session is taken over by the attacker.
CookieCatcher
CookieCatcher is an open source application
exploits XSS (Cross Site Scripting) vulnerabilities
within web applications to steal user session IDs
(aka Session Hijacking).
https://github.com/DisK0nn3cT/CookieCatcher
CookieCatcher - features
• Prebuilt payloads to steal cookie data
• Just copy and paste payload into a XSS vulnerability
• Send email notification when new cookies are stolen
• Refresh cookies every 3 minutes to avoid inactivity timeouts
• Provides full HTTP requests to hijack sessions through a proxy
• Attempt to load a preview when viewing the cookie data
• PAYLOADS
– HTTPONLY evasion for Apache CVE-20120053, Basic AJAX Attack etc.
Other Tools
DroidSheep is an android tool for web session
hijacking (sidejacking) captures session id by
listening to the wireless conversations.
– The apk was made available on Google Play but it
has been taken down by Google.
Thanks for watching
Visit us at: CBTUniversity.com
Write to us at: [email protected]
Reach us at:  +91 963 246 5599

Anonymous RAT Setup For Dummies PDF
No ratings yet
Anonymous RAT Setup For Dummies PDF
1 page
HP G56 - G42 - G62 Schematics Â - Compaq Presario CQ56 - CQ62 Schematics Â - 31AX2MB00D0 Â - DA0AX2MB6E0 Â - DA0AX2MB6E1 Â - AX2 - AX7 Motherboard Schematics
25% (4)
HP G56 - G42 - G62 Schematics Â - Compaq Presario CQ56 - CQ62 Schematics Â - 31AX2MB00D0 Â - DA0AX2MB6E0 Â - DA0AX2MB6E1 Â - AX2 - AX7 Motherboard Schematics
42 pages
20 Hacker Tricks For Attacking Web Apps
No ratings yet
20 Hacker Tricks For Attacking Web Apps
30 pages
Password Cracking and BruteForce Tools
100% (6)
Password Cracking and BruteForce Tools
24 pages
Top 100 Security Tools
No ratings yet
Top 100 Security Tools
5 pages
Best O.S and Tools To Learn Hacking
No ratings yet
Best O.S and Tools To Learn Hacking
2 pages
Zanti - Android App For Hackers - Haxf4rall
0% (1)
Zanti - Android App For Hackers - Haxf4rall
35 pages
Ciena Switch Script
No ratings yet
Ciena Switch Script
2 pages
Session Hijacking Manual
No ratings yet
Session Hijacking Manual
37 pages
Footprinting, Reconnaissance, Scanning and Enumeration Techniques of Computer Networks
From Everand
Footprinting, Reconnaissance, Scanning and Enumeration Techniques of Computer Networks
Dr. Hidaia Mahmood Alassouli
No ratings yet
Hackercool Sept 2016: 0, #0
From Everand
Hackercool Sept 2016: 0, #0
kalyan chinta
5/5 (1)
Wireless and Mobile Hacking and Sniffing Techniques
From Everand
Wireless and Mobile Hacking and Sniffing Techniques
Dr. Hidaia Mahmood Alassouli
No ratings yet
Hacking of Computer Networks: Full Course on Hacking of Computer Networks
From Everand
Hacking of Computer Networks: Full Course on Hacking of Computer Networks
Dr. Hidaia Mahmood Alassouli
No ratings yet
Burp Suite Pro Complete Installation Guide
No ratings yet
Burp Suite Pro Complete Installation Guide
6 pages
Authentication Bypassing Using WebGoat and BurpSuite
No ratings yet
Authentication Bypassing Using WebGoat and BurpSuite
8 pages
21 Best Kali Linux Tools For Hacking and Penetration Testing
100% (2)
21 Best Kali Linux Tools For Hacking and Penetration Testing
21 pages
HackBashxAYCEP 2024 Web Hacking Fundamentals
100% (1)
HackBashxAYCEP 2024 Web Hacking Fundamentals
55 pages
Brute Force
No ratings yet
Brute Force
18 pages
All Links
No ratings yet
All Links
4 pages
TryHackMe - Intro To Offensive Security
100% (1)
TryHackMe - Intro To Offensive Security
4 pages
OpenBSD Proxy Server
No ratings yet
OpenBSD Proxy Server
25 pages
Website Hacking Introduction - From - HCH
No ratings yet
Website Hacking Introduction - From - HCH
10 pages
01 Burp Suite Dashboard
No ratings yet
01 Burp Suite Dashboard
11 pages
RDP Pen Testing
No ratings yet
RDP Pen Testing
28 pages
Bypass Google Two Factor Authentication - Codelivly
No ratings yet
Bypass Google Two Factor Authentication - Codelivly
7 pages
Web Application Hacking - Introduction To Web Hacking - Codeliv
100% (1)
Web Application Hacking - Introduction To Web Hacking - Codeliv
21 pages
How To Hack WPA/WPA2 Wi Fi With Kali Linux: Last Updated: June 23, 2022
No ratings yet
How To Hack WPA/WPA2 Wi Fi With Kali Linux: Last Updated: June 23, 2022
7 pages
Web Crawler A Survey
No ratings yet
Web Crawler A Survey
3 pages
Languages For Hacking
No ratings yet
Languages For Hacking
7 pages
Remote Hacking
No ratings yet
Remote Hacking
2 pages
Androrat
No ratings yet
Androrat
4 pages
Top Burp Suite Extension Used by Pentesters
100% (1)
Top Burp Suite Extension Used by Pentesters
27 pages
WiFi Hacking Trick
No ratings yet
WiFi Hacking Trick
5 pages
Burp Suite
No ratings yet
Burp Suite
35 pages
Termux Guide
No ratings yet
Termux Guide
11 pages
SQLMAP For Dummies v1
No ratings yet
SQLMAP For Dummies v1
3 pages
Weaponized XSS Workshop
No ratings yet
Weaponized XSS Workshop
54 pages
100 Hacking Tools and Resources - HackerOne
100% (3)
100 Hacking Tools and Resources - HackerOne
10 pages
Tool-X - A Kali Linux Hacking Tool Installer
100% (1)
Tool-X - A Kali Linux Hacking Tool Installer
1 page
Ethical Hacking Using Kali Linux
No ratings yet
Ethical Hacking Using Kali Linux
10 pages
Information Gathering
No ratings yet
Information Gathering
11 pages
Shodan Cheet Sheet
No ratings yet
Shodan Cheet Sheet
1 page
Android Penetration Testing
No ratings yet
Android Penetration Testing
32 pages
1671434977811-WAF Bypass Methods Techniques
No ratings yet
1671434977811-WAF Bypass Methods Techniques
15 pages
Fast Track Hacking-Backtrack5 Tutorial: Tutorials Web Design Tutorials Catia V5 Tutorials Backtrack 3D Max Tutorials
No ratings yet
Fast Track Hacking-Backtrack5 Tutorial: Tutorials Web Design Tutorials Catia V5 Tutorials Backtrack 3D Max Tutorials
5 pages
002foot Printing and Reconnaissance
100% (1)
002foot Printing and Reconnaissance
10 pages
Shodan Dorking
100% (2)
Shodan Dorking
7 pages
Android Hacking Through WAN
No ratings yet
Android Hacking Through WAN
9 pages
Hacking Tools List
No ratings yet
Hacking Tools List
8 pages
Hacking Tools 2023
No ratings yet
Hacking Tools 2023
1 page
Hack Your Self First
No ratings yet
Hack Your Self First
62 pages
How To Sniff HTTP POST Password Via Network Using Wireshark Network Analyzer - Ethical Hacking Tutorials, Tips and Tricks
100% (1)
How To Sniff HTTP POST Password Via Network Using Wireshark Network Analyzer - Ethical Hacking Tutorials, Tips and Tricks
9 pages
Wifi Hacking
100% (1)
Wifi Hacking
2 pages
Free BTC 30$ - 50$ Per Day!
No ratings yet
Free BTC 30$ - 50$ Per Day!
4 pages
Ip Spoofing
No ratings yet
Ip Spoofing
38 pages
Credential Dumping Ethical Hacking
No ratings yet
Credential Dumping Ethical Hacking
157 pages
Zeus Spy Eye Banking Trojan Analysis
0% (1)
Zeus Spy Eye Banking Trojan Analysis
31 pages
NFC-based Data Retrieval Device
No ratings yet
NFC-based Data Retrieval Device
9 pages
Attacking Web Login Portals - How I Hacked Over 600 Accounts - C
100% (1)
Attacking Web Login Portals - How I Hacked Over 600 Accounts - C
10 pages
The Fat Rat
0% (1)
The Fat Rat
5 pages
Install On Kali..
No ratings yet
Install On Kali..
3 pages
$100 Dorks E-Boo
No ratings yet
$100 Dorks E-Boo
19 pages
930 Transceiver Brochure
No ratings yet
930 Transceiver Brochure
2 pages
Advanced Computer Networks - Unit 10 - Week 7 4
No ratings yet
Advanced Computer Networks - Unit 10 - Week 7 4
3 pages
Firewall Security Practices Report
No ratings yet
Firewall Security Practices Report
15 pages
Dt4030e 00
No ratings yet
Dt4030e 00
3 pages
00fh725 en
No ratings yet
00fh725 en
288 pages
How To Detect and Remove Malware
No ratings yet
How To Detect and Remove Malware
8 pages
What Is GPS?
No ratings yet
What Is GPS?
40 pages
Build Prop
No ratings yet
Build Prop
7 pages
From Networks and Network Management Into Service and Service Management
No ratings yet
From Networks and Network Management Into Service and Service Management
2 pages
Firepower NGFW Lab v1
100% (1)
Firepower NGFW Lab v1
111 pages
HX 402
No ratings yet
HX 402
26 pages
Proxy Site List
67% (3)
Proxy Site List
2 pages
Mobile Communication
No ratings yet
Mobile Communication
57 pages
Computer Networks
No ratings yet
Computer Networks
54 pages
Unit III - Comer Douglas Internetworking With TCP IP Vol.1
No ratings yet
Unit III - Comer Douglas Internetworking With TCP IP Vol.1
100 pages
Community Radio On Installation, Broadcast and Operation Policy 2017
No ratings yet
Community Radio On Installation, Broadcast and Operation Policy 2017
15 pages
42LE5500 Presentation
No ratings yet
42LE5500 Presentation
76 pages
IT-Pruefung: Prüfungshilfen Für IT Zertifizierungen
No ratings yet
IT-Pruefung: Prüfungshilfen Für IT Zertifizierungen
9 pages
3GPP TR 22.803
No ratings yet
3GPP TR 22.803
45 pages
Models
No ratings yet
Models
4 pages
Ramana Network Engineer & System Administrator CV
100% (1)
Ramana Network Engineer & System Administrator CV
6 pages
@vtucode - in Module 3 CN 2021 Scheme
No ratings yet
@vtucode - in Module 3 CN 2021 Scheme
45 pages
Iot
No ratings yet
Iot
2 pages
Congestion Control Using NBP
No ratings yet
Congestion Control Using NBP
12 pages
SImple NPS Configuration As Radius Part 1 PDF
No ratings yet
SImple NPS Configuration As Radius Part 1 PDF
39 pages
Abstract-WPS Office
No ratings yet
Abstract-WPS Office
12 pages
Serial Port Model
No ratings yet
Serial Port Model
4 pages
Descripción Alarmas
No ratings yet
Descripción Alarmas
24 pages

11.3 Session Hijacking Tools

Uploaded by

11.3 Session Hijacking Tools

Uploaded by

CBTU presents Ethical Hacker training course based on

Module 11: Session hijacking

You might also like