From the course: Ethical Hacking: Session Hijacking
Using Subterfuge to hijack sessions through ARP poisoning - Linux Tutorial
- [Teacher] Subterfuge is a testing tool which provides a number of capabilities, including denial of service, Man in the Middle, and session hijacking, and is designed to be very easy to use. The tool is available from GitHub as shown, and can be loaded into Kali through cloning. Subterfuge runs an ARP poisoning attack on the local network to enable Man in the Middle and session hijacking. The latest release of Subterfuge requires that MITM proxy also be installed. It's installed on Kali, but if you're using another Linux distribution, then the instructions for installing this are in the preconfiguration file associated with this course. Subterfuge was hugely popular when it first came out due to its ability to do SSL stripping and intercept user accounts and passwords easily. While many sites now use more sophisticated security, and no longer fall prey to this attack, there are still a significant number that remain vulnerable. Before we demonstrate the Subterfuge tool, let's look…
Contents
- Understanding web sessions (4m 8s)
- Understanding WebSockets (2m 41s)
- Banking on Zero (1m 10s)
- Hijacking sessions using man-in-the-browser (4m 32s)
- Intercepting sessions through man-in-the-middle (4m 17s)
- Stripping SSL to downgrade the session (1m 54s)
- Hijacking an HTTP session through cookies (3m 20s)
- Using Subterfuge to hijack sessions through ARP poisoning (7m 8s)
- Using Webscarab-NG as a web proxy (3m 14s)
- Defeating the Hijack (3m 6s)