SESSION HIJACKING ANY ACCOUNT [ANDROID]

Disclaimer: Login Session Hijacking is illegal without mutual consent. This tutorial is just for educational purposes. MyHacker will not be responsible for anything you do.

Understanding Session Hijacking/Cookie Hijacking

Session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid account login session (sometimes also called a session key) to gain access to the account.

What are Cookies? – A cookie is a small piece of data sent from a website and stored by the web browser while the user is browsing. Cookies store data such as the items added to the shopping cart in an online store, or record the user's browsing activity (including clicking particular buttons, logging in, or which pages were visited in the past). They can also be used to store data that the user previously entered, such as names, addresses, passwords, and credit card numbers.

Session Sidejacking – Using packet sniffing to read the data passing between the browser and the website in order to steal the session cookie. This is the method used in this tutorial to hijack login sessions.


Session Hijacking Using Android Smartphone

Prerequisites: The attacker and the victim must be on the same WiFi network. Before anything else, connect to the WiFi network on which the session hijacking will take place.

  • First of all, download a tool named "Intercepter-NG".
  • Once you have installed the app, open it and grant the necessary permissions.
  • Inside the app, tap the "Radar" icon in the top-left corner to start scanning for all devices connected to the network.
  • After scanning, it will show a list of all connected devices. Tap the device you want to hijack and hit the arrow in the top right.
    [Image: scan devices, select device, hit the arrow]
  • On the next screen you will see a "Settings Gear" in the top right. Tap it and tick "Resurrection" and "SSL Strip" (as shown in the image below).
    [Image: settings menu]
  • Tap the nuclear icon in the top left and hit the "Play Triangle" beneath it. This will initiate interception.
    [Image: initializing the interception]
  • Now hit the "Shark Fin" icon to the right of the nuclear icon, and inside it tap the "Play Triangle" to start capturing data packets.
    [Image: start capturing data packets]

Let’s Hunt For Session Cookies Now.

Now we are all set to start capturing cookies. For demonstration purposes, I will show it by stealing a session cookie from my Windows PC to Android.

Okay, so now I will log in to my account on a website on my Windows PC, and let's see how that works. (Note the username in the image below.)

[Image: note the username of the logged-in account on the Windows PC]
  • Now head over to the globe icon in Intercepter-NG, where you will see the list of captured cookies. Tap the web link (near the IP address) to get into the account using the session key.
    [Image: captured session cookies]
  • Once you have tapped the web link, an in-app web browser will open and you will be logged in to the victim's account. (Match the usernames in the PC image and the image below.)
    [Image: logged in to the victim's account]
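
The interception above depends on the session cookie crossing the network over plain HTTP, which is what the "SSL Strip" option tries to force. As an added example (not part of the original tutorial), this Python check audits a site's response headers for the settings that stop that from happening; the function name `audit_headers`, the cookie name `sessionid` and both sample responses are constructed for illustration.

```python
# Added example: audit response headers for the settings that keep a session
# cookie off plain HTTP. Both sample responses below are constructed.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "\r\n"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax\r\n"
    "\r\n"
)

def audit_headers(raw_response, session_cookie_names=("sessionid",)):
    """Return a list of findings for HSTS and session-cookie attributes."""
    lines = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # skip status line
    headers = [(k.strip().lower(), v.strip())
               for k, _, v in (line.partition(":") for line in lines)]
    findings = []

    # HSTS makes a returning browser refuse plain HTTP, which defeats SSL stripping.
    hsts = next((v for k, v in headers if k == "strict-transport-security"), "")
    directives = [d.strip().lower() for d in hsts.split(";")]
    max_age = next((d.split("=", 1)[1].strip('"') for d in directives
                    if d.startswith("max-age=")), "0")
    if not max_age.isdigit() or int(max_age) == 0:
        findings.append("missing or zero-max-age Strict-Transport-Security")

    for key, value in headers:
        if key != "set-cookie":
            continue
        name = value.split("=", 1)[0].strip()
        if name not in session_cookie_names:
            continue  # only session identifiers matter for hijacking
        attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure flag, sent over plain HTTP")
        if "httponly" not in attrs:
            findings.append(f"{name}: no HttpOnly flag")
    return findings

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(resp) or "no findings")
```
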

 

Login Session Hijacking Any Account Like Child’s Play

So that was all about the easiest way of login session hijacking. Pretty easy, huh? If you know any other ways, let us know in the comments. Also share it if you like it.
