Category:Session Hi-Jacking

From SecurityForest


  • Hunt Image:Lin.jpg : An advanced packet sniffing and connection intrusion tool for Linux
Hunt can watch TCP connections, intrude into them, or reset them. Hunt is meant to be used on ethernet, and has active mechanisms to sniff switched connections. Advanced features include selective ARP relaying and connection synchronization after attacks. If you like Hunt, also take a look at Ettercap and Dsniff.
http://lin.fsid.cvut.cz/~kra/index.html#HUNT
  • ettercap Image:Win.jpg Image:Lin.jpg Image:Bsd.jpg: In case you still thought switched LANs provide much extra security
Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
http://www.ettercap.com , http://ettercap.sourceforge.net
  • P.A.T.H Image:Lin.jpg Image:Bsd.jpg: Pearl Advanced TCP Hijacking
P.A.T.H is a collection of tools for inspecting and hijacking network connections written in Perl. The project consists of a packetgenerator (constructing TCP/IP, UDP/IP, ICMP and ARP packets), a RST daemon (to reset TCP connections), a sniffer (with special mail and telnet modes), an ICMP redirection tool (to implement man-in-the-middle attacks with icmp redirect messages), an ARP redirection tool, an IDS testing tool and an automatic hijacking daemon for plain protocols (like telnet).
http://p-a-t-h.sourceforge.net
  • ARP0c Image:Win.jpg Image:Lin.jpg: ARP0c connection interceptor
ARP0c is a connection interceptor (using ARP spoofing and a bridging engine).ARP requests from various sources in a switched environment get false ARP response packets which point to the host running ARP0c. Packets from these hosts are bridged with an internal engine to the real destination address to allow normal network operation and keep TCP connections alive. Packets to hosts in remote (read: reachable using a router) subnets are forwarded to a gateway using an internal routing table - independant from the hosts routing table.
http://www.phenoelit.de/arpoc/index.html

Articles in category "Session Hi-Jacking"

There are 0 articles in this category.
Retrieved from "http://www.securityforest.com/wiki/index.php/Category:Session_Hi-Jacking"
Advertisement