Friday, April 2, 2010

Sidejacking -- Serious threat to Wireless Network users!

The purpose of this post is to create awareness about the insecurity of accessing wireless networks, not to encourage illegal hacking activities.

The sidejacking tool is available here -- http://erratasec.blogspot.com/2007/08/sidejacking-with-hamster_05.html
The sidejacking tool consists of ferret and hamster. Ferret sniffs cookies, and hamster converts that cookie information into something the browser can understand; it also acts as a local proxy server. So it is a point-and-click attack and very easy to carry out.

Information about sidejacking --
http://www.tgdaily.com/security-features/34324-tg-video-wirelessly-hacking-gmail-and-more-tutorial
http://erratasec.blogspot.com/2008/01/more-sidejacking.html
By sidejacking, a person can view the web pages you are browsing right now.
Sidejacking attacks are used to sniff your session cookies for almost every site on a wireless network, and they are mostly successful. The person conducting the sidejacking first sniffs the packets on the wireless network with a sniffer such as Wireshark, then runs ferret, passing it the name of the captured file (*.pcap) as the parameter. After that, hamster is executed. One can also sniff directly with ferret, but it is not as effective as Wireshark.


I once sidejacked someone's session cookies for the site iptorrents.com a year ago; my PC was acting as the router at that moment. Though I wasn't rude enough to change his password and contact email on that site. After one month he may have noticed abnormal changes in his upload/download ratio and changed his password, so it is no longer working.
If we are not the router, someone can still redirect the victim's traffic through their own system. This can be done by installing sing (>sudo apt-get install sing) and redirecting the traffic with the following command.
>sing -red -S my_fake_ip -gw my_real_ip -dest victim_ip -x host -prot tcp -psrc 100 -pdst 80 victim_ip
It's not working for me; I don't know whether there is something wrong in the command or something else.



For protective measures against sidejacking attacks --
http://www.givemebackmycredit.com/blog/2009/12/what-is-sidejacking-and-how-to-protect-yourself-from-getting-caught-in-it.html
http://www.h-i-r.net/2009/07/defense-sidejacking-subversive-wireless.html
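The protective measures above work at the network level; the reason sidejacking succeeds at all is that session cookies are set without the Secure attribute and therefore travel over cleartext HTTP. As an added example (not from the original post or the linked articles), here is a small Python audit of Set-Cookie headers that flags such cookies. The sample headers and the session-name heuristic are constructed assumptions for this example.

```python
"""Audit Set-Cookie headers for attributes that limit sidejacking exposure.

A cookie without the Secure attribute is sent over plain HTTP, which is
exactly what a sniffer on an open wireless network can read. HttpOnly does
not stop sniffing, but it keeps the value away from page scripts.
"""
import re

# Constructed sample: the kind of headers a login response might carry.
SAMPLE_HEADERS = [
    "Set-Cookie: SID=abc123; Path=/; Domain=example.com",
    "Set-Cookie: SID=abc123; Path=/; Secure; HttpOnly",
    "Set-Cookie: prefs=dark; Path=/; Max-Age=31536000",
    "Set-Cookie: csrf=def456; Path=/; Secure",
]

# Names that usually carry a session identifier (heuristic assumption).
SESSION_NAME_RE = re.compile(r"(sess|sid|auth|token|login)", re.IGNORECASE)


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute: value})."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header):
    """Return the list of findings for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie will be sent over cleartext HTTP")
    if SESSION_NAME_RE.search(name) and "httponly" not in attrs:
        findings.append("session cookie missing HttpOnly: readable by page scripts")
    return findings


def audit_headers(headers):
    """Map each cookie name to its findings; clean cookies are omitted."""
    report = {}
    for header in headers:
        name, _, _ = parse_set_cookie(header)
        findings = audit_cookie(header)
        if findings:
            report.setdefault(name, []).extend(findings)
    return report


if __name__ == "__main__":
    for cookie_name, notes in audit_headers(SAMPLE_HEADERS).items():
        print(cookie_name, "->", "; ".join(notes))
```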



We can sidejack on WEP or WPA encrypted networks by first capturing the packets with Wireshark or Airodump, then decrypting the packets and saving them to a file.

In Wireshark, go to Edit, Preferences, Protocols, IEEE 802.11. Then check "Enable Decryption" and follow its instructions for entering your WEP/WPA keys.
If you have captured the packets with Airodump (or even Wireshark), you can decrypt them by typing 'airdecap-ng -w [wepkey] file.cap'. See the man page for doing the same for WPA.
If you are another host on the WEP or WPA encrypted network, you already have the key; otherwise, cracking a WEP or WPA key is not a big deal nowadays.


SSH tunnels are also one of the solutions! I think SSH tunnels are immune to sidejacking. We can create a tunnel from the gateway to our system. This mechanism could be implemented directly in hardware, which would remove the need for manual tunneling. Routers with such built-in functionality may already exist today.
Internet traffic can be directed through an SSH tunnel; check this out -- http://www.slugsite.com/archives/315


