Session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session — sometimes also called session key — to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer.
Requirements
- kali linux
- Ettercap
- Target Website Here We're using www.techpanda.org/
Step 1: - First of all, login to Kali Linux and select ettercap
Step 2 : - It will ask for network interface. Select Your interface here i'm using wlan0 and click OK.
Step 3: - Now select Hosts icons to check avaliable host in your network.
Step 4: - now click on search icon for check avaliable Devices in your network.
Step 5: - It will show the IP Addresses in the network. Select the target IP Address like 192.168.0.105 and click on add to Target 1
Step 6: - Now select Mitm (man in the middle) option. Click on ARP poisoning.
Step 7: - It will ask for sniff remote connections or only poison one-way. Check the option sniff remote connections and click on OK.
Step 8: - Now Select start option and click on start sniffing Icon.
Step 9: - Now sniffling is started im login on www.techpanda.org As a victim.
As you can see It will show you HTTP password of target PC.
Thanks for reading.