Disclaimer: Login Session Hijacking is illegal without mutual consent. This tutorial is just for educational purposes. MyHacker will not be responsible for anything you do.
Understanding Session Hijacking/Cookie Hijacking
Session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid account login session (sometimes also called a session key) to gain access to the account.
What are Cookies? – A cookie is a small piece of data sent from a website and stored by the web browser while the user is browsing. Cookies are used to store data such as the items added to the shopping cart of an online store, or to record the user’s browsing activity (including clicking particular buttons, logging in, or which pages were visited in the past). They can also be used to store data that the user previously entered, such as names, addresses, passwords, and credit card numbers.
Session Side Hijacking – Using packet sniffing to read the data exchanged between the browser and the website in order to steal the session cookie. This is the method used in this tutorial to hijack login sessions.
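Seen from the defending side, sniffing a session cookie depends on that cookie crossing the network in plaintext, which the cookie's Secure attribute and an HSTS policy are meant to prevent. The following Python audit is an added example, not part of the original tutorial; the function names and the sample responses are constructed for illustration.

```python
# Added example (not from the original tutorial): audit HTTP response headers
# for the two gaps that cookie sniffing and SSL stripping rely on.
# The sample responses and cookie names below are constructed.

def hsts_max_age(value):
    """Return the max-age of a Strict-Transport-Security value, or 0."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        val = val.strip().strip('"')
        if key.strip().lower() == "max-age" and val.isdigit():
            return int(val)
    return 0

def audit_response(raw_headers):
    """Return (issue, subject) findings for one raw response header block."""
    findings, max_age = [], 0
    for line in raw_headers.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name = name.strip().lower()
        if name == "strict-transport-security":
            max_age = hsts_max_age(value)
        elif name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie = parts[0].partition("=")[0]
            attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
            if "secure" not in attrs:
                # Without Secure the browser also sends the cookie over http://
                findings.append(("cookie-without-secure", cookie))
    if max_age <= 0:
        # No HSTS (or max-age=0): a request may still go out over plain HTTP
        findings.append(("no-effective-hsts", "response"))
    return findings

WEAK = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly
Set-Cookie: theme=dark; Path=/; Secure
"""

HARDENED = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
"""

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(sample))
```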
Session Hijacking Using Android Smartphone
Prerequisites: The attacker and the victim must be on the same WiFi network. Before anything else, connect to the WiFi network on which the session hijacking is to take place.
- First of all, you will have to download a tool named “Interceptor-NG”.
- Once you have installed the app, tap it open and give it the necessary permissions.
- Once inside the app, tap the “Radar” icon in the top left corner to start scanning for all the devices connected to the network.
- After scanning, it will show a list of all connected devices (tap any device you want to hijack and hit the arrow at the top right).
- On the next screen you will see a “Settings Gear” at the top right; tap it and tick “Ressurection” and “SSL Strip” (as shown in the image down below).
- Tap the nuclear icon at the top left and hit the “Play Triangle” beneath it (this will initiate interception).
- Now hit the “Shark Fin Icon” to the right of the nuclear icon and, inside it, tap the “Play Triangle” to start capturing the data packets.
Let’s Hunt For Session Cookies Now.
Now we are all set to start capturing cookies. For demonstration purposes, I will show it by stealing a session cookie from my Windows PC on my Android phone.
So now I will log in to my account on a website from my Windows PC, and let’s see how that works. (Note the username in the image down below.)
- Now head over to the globe icon in Interceptor-NG; there you will see the list of captured cookies. Tap the web link (near the IP address) to get into the account using the session key.
- Once you have tapped the web link, an in-app web browser will open and you will be logged in to the victim’s account. (Match the usernames in the PC image and the image down below.)
Login Session Hijacking Any Account Like Child’s Play
So that was all about the easiest way of login session hijacking. Pretty easy, huh? If you know any other ways, let us know in the comments. Also, share it if you like it.