Author Topic: SessionList  (Read 1934 times)

Ananke

  • Guest
on: July 10, 2012, 06:04:55 PM
Hi.
I would like to suggest a new tool for session hijacking. Works great with NetCmd.
SessionList: https://github.com/iamrage/sessionlist

Quote
This is a sniffer. The intent is to sniff HTTP packets and attempt to reconstruct interesting authentication data from websites that do not employ proper secure cookie auth.
As such this tool only sniffs traffic going outbound with a destination port of 80 (by default but can be overridden via optional parameter).
Does this work on SSL?:
Sure. If you can perform SSL MITM you can use this tool on the interface with the decrypted traffic. Since such tools already exist I will not recreate their functionality here. For MITM attacks I prefer ettercap but to each his/her own. There are a few ways to attack SSL. SSL Strip does a good job of forcing unencrypted traffic if HTTP is available and ettercap can perform SSL MITM.



ostendali

  • Global Moderator
  • Hero Member
Reply #1 on: July 10, 2012, 07:19:15 PM
Thanks Ananke,
We already have a similar tool included in BB, just FYI; we are trying to avoid any redundancy and/or duplicate applications.

So, if you'd like to run a test comparison between this tool and the other sniffers that we already have in BB, please do it; then you can give us feedback, helping us to evaluate better in the selection.

Appreciate your support in advance.

Happy Hacking!



Ananke

  • Guest
Reply #2 on: July 10, 2012, 07:33:43 PM
Happy to hear this.

P.S. Could you tell me their names so that I can test them?