search

2. Detect Session Hijacking

Fortunately, there are various tools available that can help you to detect session hijacking attacks such as packet sniffers, IDSs, and SIEMs.

hashtag
1. Detect Session Hijacking using Wireshark

hashtag
Launch MITM attack

  1. Run bettercap -iface eth0 to set the network interface.

    -iface: specifies the interface to bind to (here, eth0).

  2. Type net.probe on and press Enter. This module will send different types of probe packets to each IP in the current subnet for the net.recon module to detect them.

  3. Type net.recon on and press Enter. This module is responsible for periodically reading the system ARP table to detect new hosts on the network.

    The net.recon module displays the detected active IP addresses in the network. In real-time, this module will start sniffing network packets.

  4. Type net.sniff on and press Enter. This module is responsible for performing sniffing on the network.

  5. You can observe that bettercap starts sniffing network traffic on different machines in the network, as shown in the screenshot.

A huge number of Arp requests, indicate attack in progress.

LogoExam Prep & Training for CEH Practical (Unofficial Course)Udemychevron-right
Previous1. Perform Session HijackingNextModule 12. Evading IDS, antivirus and Honeypots

Last updated