Session Hijacking Tools

Session hijacking happens when an attacker takes over a user's session by obtaining that user's authentication. For instance, suppose someone has logged into his bank account on the bank's website. The session starts once he is logged in and ends when he logs out. The method of taking over such a session is called session hijacking.

Burp Suite

https://portswigger.net

Ettercap

http://ettercap.github.io
Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

OWASP ZAP

https://www.owasp.org

BetterCAP

https://www.bettercap.org

netool toolkit

https://sourceforge.net

WebSploit Framework

https://sourceforge.net

sslstrip

https://pypi.python.org

JHijack

https://github.com/yehgdotnet/JHijack

Cookie Cadger

https://www.cookiecadger.com

CookieCatcher

https://github.com

hamster

https://github.com

Firesheep

http://codebutler.github.io/firesheep/  

Session Hijacking Tools for Mobile: DroidSheep and DroidSniff

  • DroidSheep:
    • DroidSheep is a simple Android tool for web session hijacking (sidejacking).
    • It listens for HTTP packets sent via a wireless (802.11) network connection and extracts the session IDs from these packets.
  • DroidSniff:
    • DroidSniff is an Android app for security analysis in wireless networks and capturing Facebook, Twitter, LinkedIn, and other accounts.
