So. We all know about the infamous FireSheep, which caused an EPIC shitstorm when it came out - and was subsequently abused by many a bored student to "Frape" people in lecture halls.
For those of you who have slept throu gh the last year, here is a link to it...
Get FireSheep
Wikipedia: Firesheep
Firesheep on Linux
Now, onward! Firesheep only "Kind of" works on Linux, so we had to find other tools to do the same thing (session sidejacking without any ARP fuckery).
Also, installing FireSheep on Linux was such a total pain in the arse, even WITH instructions, that I soon got annoyed. I may write a .sh script to automate it all later, if I could be arsed.
However, fear not! Someone wrote something awesome! Hamster and Ferret!
Hamster and Ferret
It sets up a web proxy type thing and sniffs wireless. It works, most of the time.
It is also totally awesome!
Here is someone elses video on using it...
Now that is all pretty damn cool. But I found an even better tool yet on my travels...
SurfJack
Why is it better? 'cos it is written in python. That is why. And it is using SCAPY. I love SCAPY.
Check out their site here... Enable Security
There are, of course, a lot of nasty things one can do with session hijacking, and I planned a longer post on the topic but my fingers are tired.
No comments:
Post a Comment