Loading...

Hijacking Session Cookies using Surfjack (made by enablesecurity)

6,612 views

Loading...

Loading...

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Jun 26, 2009

Found it on securitytube
http://www.securitytube.net/Hijacking...

Surfjack is the name given to an attack that allows a man in the middle to hijack session cookies even when the victim is making use of SSL instead of plaintext HTTP. This video shows the tool being demonstrated against a Gmail account. The proof of concept tool (also called surfjack) is able to work on both Ethernet by making use of ARP cache poisoning, and WiFi in monitor mode. Although Gmail somehow fixed the issue by setting the cookies to "secure", many other sites are still vulnerable.

Loading...

When autoplay is enabled, a suggested video will automatically play next.

Up next


to add this to Watch Later

Add to

Loading playlists...