Show Posts
1
Beginner's Corner / sidejacking problem - can't get to https sites through hamster/ferret/kali
« on: December 31, 2015, 04:14:30 pm »
Hi, I'm trying to sidejack my yahoo.com email account. I go into kali, start wireshark, login to my mail, and save the wireshark capture to MyLogin.pcap.
I then clear all browser (iceweasel) history, start Ferret with -r MyLogin.pcap, start hamster, set my browser to use 127.0.0.1:1234 as a proxy (for all protocols) and go to http://hamster.
I can select my ip addr and see all the captured cookies. If I click on www.yahoo.com, this diverts to https://www.yahoo.com and I get "Server not found" in Iceweasel. It's the same for any site that diverts to https. If the site stays on http I'm fine.
If I then try and get to any https site directly in Iceweasel I get the same "Server not found" error until I turn off the hamster proxy.
I really want to get this sidejacking working, is there any solution to this please? I've been trying for about six hours so far today.
Thx a lot for any help, HT.
I then clear all browser (iceweasel) history, start Ferret with -r MyLogin.pcap, start hamster, set my browser to use 127.0.0.1:1234 as a proxy (for all protocols) and go to http://hamster.
I can select my ip addr and see all the captured cookies. If I click on www.yahoo.com, this diverts to https://www.yahoo.com and I get "Server not found" in Iceweasel. It's the same for any site that diverts to https. If the site stays on http I'm fine.
If I then try and get to any https site directly in Iceweasel I get the same "Server not found" error until I turn off the hamster proxy.
I really want to get this sidejacking working, is there any solution to this please? I've been trying for about six hours so far today.
Thx a lot for any help, HT.
but I don't want to messup the session before I'm good enough to use it.
)