Session Hijacking
What if the user uses the "remember me" feature?
If the user uses this feature the authentication happens using the cookies and not the user and password, So instead of sniffing the password we can sniff the cookies and inject them into our browser, this will allow us to login to the user's account without using the password.
apt-get install ferret-sidejack
ferret -i [INTERFACE]
hamster
Start the hamster
It works.
扫描二维码关注公众号,回复:
8117718 查看本文章
You can get the cookies on the victim PC and login in as the authorized user.
....