UP TO 50% OFF on Combo Courses!

Hamster Sidejacking for eavesdrops

You know that everything sent over Wi-Fi is vulnerable to eavesdropping. A handful of hotspots now encrypt user data—usually with WPA—but the vast majority still expect customers to protect themselves. Sadly, many users continue to ignore even this simple threat. Those who know better often defend their data by using VPNs or SSL-protected websites.

Unfortunately, hotspot users who visit websites like Gmail, HotMail, and Yahoo! Mail may be more exposed than they thought.

Consider that you are sitting at a cozy restaurant that is full almost to the brink with people – busy eating and working on their laptops. You boot up your laptop, and you fire up your old faithful WireShark only to find that you are able to sniff the traffic on this open network in clear text. You want to know what the other person is doing with his laptop – mailing his girlfriend, chatting up someone, etc. What could you possibly do? Simple – use Hamster!

Hamster is a great tool for side jacking 🙂 

What is Sidejacking?

Sidejacking is a form of “HTTP session hijacking” that works with “passive” eavesdropping.

HTTP session hijacking is where the hacker grabs your “session cookies”. Your session with the web server is identified with a unique cookie. This cookie is sent to your browser at the start of the session, and your browser echos it back from that point forward.

There are many forms of session hijacking. Some use cross-site scripting to grab them from your browser. Some use “man-in-the-middle” attacks to intercept the connection then resend it. The sidejacking method uses passive eavesdropping of cookies. Users collect cookies using a packet-sniffer, then import them into the browser. Unlike other methods of session hijacking, there is nothing the user can possibly see that would tell them their session is being hijacked. They can’t “View source” to find errant JavaScript (as they could with cross-site-scripting attacks). They can’t sniff their own traffic is see that it’s being changed (as in man-in-the-middle) attacks.

In addition, sidejacking allows for offline attacks. Session cookies last a long time, sometimes for years. That means a hacker could capture packets with a packet-sniffer at one point, then weeks later in another part of the world, import the cookies into the browser and access the session.

Hamster is a tool for HTTP session hijacking with passive sniffing. It does so, by sniffing on a network, capturing the session cookies, importing them into the browser to allow you to hijack their session! HTTP session hijacking or SideJacking is where you hijack a existing Web session with a remote service by intercepting and using the credentials (normally session cookies) that identified the user to that specific server.

Hamster Sidejacking
Hamster Sidejacking

You could say that you could possibly hijack sessions by sniffing cookies with a network sniffer and then import them into a browser. You could even conduct cross-site scripting attacks to collect cookies. But, without right tools, you could end up doing a lot of work. Hamster just automates all of this. In fact, it makes it so easier for you to hijack valid HTTP sessions, that it lets you know how many of your targets could have possibly non-encrypted cookies. You also get status updates on the screen so you can keep track of how many packets you have captured. Since the version 2, Ferret has been kind of integrated with Hamster. You execute Hamster, let it know what interface to use and off Ferret goes – sniffing the wire.

Hamster is a tool or “sidejacking”. It acts as a proxy server that replaces your cookies with session cookies stolen from somebody else, allowing you to hijack their sessions. Cookies are sniffed using the Ferret program. You need a copy of that as well.

Reference: https://tools.kali.org/sniffingspoofing/hamster-sidejack

hamster Usage Example(s)

root@kali:~# hamster
--- HAMPSTER 2.0 side-jacking tool ---
Set browser to use proxy
DEBUG: set_ports_option(1234)
DEBUG: mg_open_listening_port(1234)
Proxy: listening on
beginning thread