Recently, I was asked by a friend to help him with a wireless hacking demo. Besides the WEP cracking tool "Aircrack-ng", the sidejacking tools "Ferret and Hamster" also came to mind. The last time I tested those tools was early last year, so I decided to revisit the sidejacking tools and make a video of it.
A bit on "Ferret and Hamster": they were written by Robert Graham and were officially released at the Defcon conference in 2007, where he logged into a list of victims' webmail accounts (shown on the big screen, such as Gmail and Hotmail). Those victims were actually audience members who were still using their webmail during the presentation.
This tool sniffs network traffic (either wireless or wired) and extracts the session-id from the HTTP cookies. Many web sites use SSL encryption for the login page to prevent attackers from seeing the password, but do not use encryption for the rest of the site once the user is authenticated. With the session-id, an attacker can gain access to the victim's account without needing the username and password.
Updated
After posting the video on sidejacking, I feel that I should also provide some simple advice to users on protecting against such attacks.
1> Make sure you use "HTTPS" in your browser address bar (e.g. "https://mail.google.com") when accessing the login page of a web application such as Gmail or Hotmail.
2> Check your web application settings for an option to use only SSL (HTTPS) connections. For Gmail, you can set "Always use https" (shown below).
3> To confirm that your connection is secure after logging in, check for a "lock" icon in the status bar at the bottom right of your browser.
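The advice above is for users; the server-side counterpart to "Always use https" is marking the session cookie with the Secure attribute, so the browser never attaches it to a plain http:// request in the first place. The following audit script is an added example, not code from this post or from Ferret/Hamster: it parses Set-Cookie headers (the cookie names and values are constructed for the example) and reports session-looking cookies that a sniffer on the path could still see in cleartext.

```python
import re
from dataclasses import dataclass

# Constructed sample Set-Cookie headers, as a webmail server might emit them
# after login. Names and values are made up for this example.
SAMPLE_HEADERS = [
    "SID=8f3a9c1d7e2b; Path=/; Secure; HttpOnly",      # protected
    "sessionid=DQAAAK3x; Path=/mail; HttpOnly",         # sent over plain HTTP too
    "PREF=ID=1a2b:LANG=en; Path=/; Expires=Wed, 21 Oct 2015 07:28:00 GMT",
]

# Heuristic for cookie names that usually carry the authenticated session.
SESSION_NAME_HINT = re.compile(r"(sess|sid|auth|token|login)", re.I)


@dataclass
class CookieFinding:
    name: str
    looks_like_session: bool
    secure: bool
    http_only: bool

    @property
    def sidejackable(self) -> bool:
        # Without the Secure attribute the browser attaches the cookie to
        # http:// requests, which is exactly what a sidejacking sniffer reads.
        return self.looks_like_session and not self.secure


def parse_set_cookie(header: str) -> CookieFinding:
    """Parse one Set-Cookie header value into a finding."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    # Attribute names are case-insensitive; value-less ones (Secure, HttpOnly)
    # are flags, the rest (Path=, Expires=) carry a value we ignore here.
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return CookieFinding(
        name=name,
        looks_like_session=bool(SESSION_NAME_HINT.search(name)),
        secure="secure" in attrs,
        http_only="httponly" in attrs,
    )


def audit(headers):
    """Return the session-looking cookies that lack the Secure attribute."""
    return [f for f in map(parse_set_cookie, headers) if f.sidejackable]


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS):
        print(f"cookie {finding.name!r} is exposed to sidejacking: not Secure")
```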
