1. Perform Session Hijacking
1. Hijack a session using Zed Attack Proxy (ZAP)
Set the browser proxy to go through the attack PC running ZAP. Then go to the Break tab (the equivalent of Intercept in Burp).
Now set the proxy settings
Click the Set break on all requests and responses icon on the main ZAP toolbar. This button sets and unsets a global breakpoint that will trap and display the next response or request from the victim's machine in the Break tab. Note: The Set break on all requests and responses icon turns automatically from green to red.
Now when the victim browses sites, their requests are intercepted and we can forward them one by one. We can modify the parameters as we want.
2. Perform session hijacking with bettercap
Reference
Bettercap help
Start bettercap
Type Help to list all commands.
To detect hosts on the network
Now enable SSL strip (HTTPS to HTTP)
Now let's do the ARP poisoning
Now turn on the HTTP proxy and sniffer
To set the sniffer to capture only passwords, we can use the following
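On the defending side, the ARP poisoning step above is visible on the wire: an IP address (typically the gateway) is suddenly claimed by a different MAC, and one MAC answers for several IPs. The following is an added example, not part of the original lab notes, that flags both patterns. The ARP observations are constructed sample data, and treating the first MAC seen for an IP as the trusted baseline is an assumption.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) taken from ARP replies.
SAMPLE_ARP = [
    (1.0, "10.10.1.1", "00:50:56:aa:00:01"),   # gateway, legitimate
    (1.2, "10.10.1.11", "00:50:56:aa:00:0b"),  # workstation, legitimate
    (2.0, "10.10.1.13", "00:50:56:aa:00:0d"),  # another host on the segment
    (5.0, "10.10.1.1", "00:50:56:aa:00:0d"),   # gateway IP now claimed by .13's MAC
    (5.1, "10.10.1.11", "00:50:56:aa:00:0d"),  # workstation IP claimed by the same MAC
    (6.0, "10.10.1.1", "00:50:56:aa:00:0d"),   # repeated poisoned reply
]


def detect_arp_poisoning(observations):
    """Return alerts for IP->MAC rebinding and for one MAC claiming several IPs.

    Assumption: the first MAC seen for an IP is the legitimate one. In a real
    deployment the baseline would come from DHCP leases or a static inventory,
    and legitimate re-addressing would need to be allow-listed.
    """
    first_mac = {}                 # ip -> baseline MAC
    ips_by_mac = defaultdict(set)  # mac -> every IP it has claimed
    seen = set()                   # suppress duplicates of the same rebind
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()
        ips_by_mac[mac].add(ip)
        baseline = first_mac.setdefault(ip, mac)
        if mac != baseline and (ip, mac) not in seen:
            seen.add((ip, mac))
            alerts.append({"type": "rebind", "time": ts, "ip": ip,
                           "old_mac": baseline, "new_mac": mac})
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            alerts.append({"type": "multi_ip", "mac": mac, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP):
        print(alert)
```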
3. Intercept HTTP traffic using Hetty