I’m going to show you how to use Hamster and Ferret to side-jack a Facebook account (I use my own) by capturing traffic and replaying it. These tools are simple but very powerful, and to prove just how insecure web browsing can be, I will demo them here. Use them only in your own test environment; I am not responsible for their misuse.
From Hamster’s readme:
Hamster is a tool for “sidejacking”. It acts as a proxy server that replaces your cookies with session cookies stolen from somebody else, allowing you to hijack their sessions. Cookies are sniffed using the Ferret program.
From Ferret’s readme:
Ferret is a tool for sniffing and analyzing packets and pulling out “interesting” information. It’s like ‘tcpdump’ in some ways, but it doesn’t print a decode per packet. Instead, it only outputs when it has something interesting to show. This might be several lines of text for a single packet, and nothing for thousands more packets.
Let us begin…
Get the Hamster and Ferret source code and unzip it. There are also MS Windows binaries available, if you’re into that sort of thing.
$ wget http://www.erratasec.com/erratasec.zip
$ sudo pacman -S zip unzip
$ unzip erratasec.zip
Build the tools
$ cd ../../ferret/build/gcc4
$ make
$ cd ../../bin
$ cd hamster/build/gcc4
$ make
Launch the Hamster proxy and configure your web browser to use it as its proxy (Chromium expects the `--proxy-server=host:port` form).
$ cd ../../bin/
$ ./hamster
$ chromium --proxy-server=127.0.0.1:1234
Point your web browser at 127.0.0.1:1234 and tell Hamster which network interface to sniff on; eth0 or wlan0 are common. The interface must be in, or be able to enter, promiscuous mode, which on some systems you may need to set up beforehand.
Once you are set up, generate some traffic by browsing around on your local machine or over an unencrypted WiFi connection to test that Hamster and Ferret work. If you are doing everything on one machine, having two web browsers is helpful. Here is a video showing off the attack.
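The sniffer half of this pair needs a promiscuous interface, and that is something a host owner can audit. The following is an added example, not part of Hamster or Ferret: on Linux the kernel exposes each interface’s flag word in /sys/class/net/<name>/flags, and bit 0x100 (IFF_PROMISC from <linux/if.h>) is set while any process holds the interface in promiscuous mode. The sample flag values are constructed. Note the limit of this check: it only finds sniffers running on the machine you audit, not a stranger’s laptop on the same coffee-shop network.

```python
"""Detect interfaces that are in promiscuous mode on a Linux host.

Added, hypothetical check (not Hamster/Ferret code).  Reads the flag
word the kernel publishes in /sys/class/net/<name>/flags and tests
IFF_PROMISC (0x100, from <linux/if.h>).
"""
from __future__ import annotations

from pathlib import Path

IFF_PROMISC = 0x100  # bit set while the interface is promiscuous


def promiscuous_interfaces(flags_by_iface: dict[str, str]) -> list[str]:
    """Return the interface names whose flag word has IFF_PROMISC set.

    ``flags_by_iface`` maps an interface name to the text read from its
    sysfs ``flags`` file, a hex string such as "0x1103\\n".
    """
    promisc = []
    for name, text in flags_by_iface.items():
        try:
            flags = int(text.strip(), 16)
        except ValueError:
            continue  # malformed entry: skip it rather than abort the audit
        if flags & IFF_PROMISC:
            promisc.append(name)
    return sorted(promisc)


def read_sysfs_flags(root: str = "/sys/class/net") -> dict[str, str]:
    """Read the ``flags`` file of every interface under ``root``."""
    result: dict[str, str] = {}
    for iface in Path(root).iterdir():
        flags_file = iface / "flags"
        if flags_file.is_file():
            result[iface.name] = flags_file.read_text()
    return result


# Constructed sample: lo is UP|LOOPBACK, eth0 is UP|BROADCAST|MULTICAST,
# wlan0 additionally has IFF_PROMISC set, and "bad" is an unreadable entry.
SAMPLE_FLAGS = {
    "lo": "0x9\n",
    "eth0": "0x1003\n",
    "wlan0": "0x1103\n",
    "bad": "garbage\n",
}

if __name__ == "__main__":
    print("sample:", promiscuous_interfaces(SAMPLE_FLAGS))
    try:
        print("this host:", promiscuous_interfaces(read_sysfs_flags()))
    except OSError as exc:  # not Linux, or sysfs not mounted
        print("cannot read sysfs:", exc)
```

Run it as root or as a normal user; the sysfs flags files are world-readable. On the constructed sample only wlan0 is reported, which is exactly the interface a sniffer would have opened.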
To protect against this sort of attack, always use encryption on your wireless communications. An unencrypted WiFi signal at your local coffee shop could mean the loss of your personal data.
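Wireless encryption protects the local air link, but the cookie itself is what gets replayed, so the server-side control is to mark session cookies `Secure` so the browser never sends them over plain HTTP in the first place. The following is an added audit script, not part of Hamster or Ferret: it parses `Set-Cookie` headers (attribute names are case-insensitive per RFC 6265) and reports which cookies a cleartext sniffer could capture. The sample headers are constructed.

```python
"""Audit Set-Cookie headers for the attributes that blunt sidejacking.

Added example, not Hamster/Ferret code.  A cookie flagged ``Secure`` is
never sent over plain HTTP, so even on an open WiFi network there is
nothing for a sniffer to replay.  ``HttpOnly`` and ``SameSite`` do not
stop sniffing but are checked in the same pass.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CookieReport:
    name: str
    secure: bool = False
    httponly: bool = False
    samesite: Optional[str] = None
    problems: list[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieReport:
    """Parse one Set-Cookie header value and record its audit findings."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    report = CookieReport(name=name.strip())
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            report.secure = True
        elif key == "httponly":
            report.httponly = True
        elif key == "samesite":
            report.samesite = val.strip().lower() or None
    if not report.secure:
        report.problems.append("missing Secure: sent in cleartext, sniffable and replayable")
    if not report.httponly:
        report.problems.append("missing HttpOnly: readable by page script")
    if report.samesite is None:
        report.problems.append("missing SameSite")
    return report


def audit_set_cookie_headers(headers: list[str]) -> dict[str, list[str]]:
    """Map each cookie name to its problems; an empty list means it passes."""
    return {r.name: r.problems for r in map(parse_set_cookie, headers)}


def sidejackable(headers: list[str]) -> list[str]:
    """Names of cookies a cleartext sniffer could capture (no Secure flag)."""
    return [r.name for r in map(parse_set_cookie, headers) if not r.secure]


# Constructed sample response headers, as a server might send them.
SAMPLE_HEADERS = [
    "sessionid=c0ffee; Path=/; HttpOnly",                        # exposed
    "csrftoken=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",  # passes
    "prefs=dark; Path=/; Max-Age=31536000",                      # exposed
]

if __name__ == "__main__":
    for cookie, problems in audit_set_cookie_headers(SAMPLE_HEADERS).items():
        status = "BAD" if problems else "OK "
        print(f"{status} {cookie}: {'; '.join(problems) or 'all attributes present'}")
    print("sidejackable:", sidejackable(SAMPLE_HEADERS))
```

Feed it the `Set-Cookie` values from any response you capture in your own test setup; a session cookie that shows up in the `sidejackable` list is precisely the one Hamster can replay.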