Install WebScarab-NG and use it as a man-in-the-middle web proxy for accessing the Hacme Casino website.
- [Voiceover] When testing internet sites for security vulnerabilities, it's useful to be able to act as a man in the middle. Many web testing tools provide this functionality in the form of a web proxy. WebScarab is the OWASP tool used for web proxying as shown here on the OWASP site. WebScarab is a Java tool, so it requires having Java installed on your computer. Web proxies are application level devices and are often used in corporate environments to provide a point of monitoring and security enforcement.
WebScarab comes preloaded in the Web Application Analysis menu in Kali. I'll click on it, and the WebScarab interface will shortly appear. I'll click on the Proxy tab, and Listeners. We can see that WebScarab is listening on Port 8008. I'll go back to the main Summary page. I've started IceWeasel, and I'll change its configuration to route through the proxy. I'll select Preferences, Advanced, Network, Settings, and Manual proxy configuration to 127.0.0.1 and Port 8008.
OK. Now I can close the Preferences sheet.
This course teaches you what session hijacking is, and how black-hat hackers use it to attack an organization. Learn how TCP, web, and wireless protocols work and how hackers exploit them. Find out how to use built-in Windows and Linux tools, as well as specialized third-party solutions such as Zed Attack Proxy (ZAP) and Cain, to detect and shore up vulnerabilities. Author and cybersecurity expert Malcolm Shore also discusses remote hijacking, which allows hackers to take control of drones or even vehicles.
Note: This course maps to the Session Hijacking domain of the Certified Ethical Hacking exam. Review the exam objectives at the EC-Council's website.
- Hijacking a network session, such as a Telnet session
- Understanding web sessions
- Intercepting sessions via man-in-the-middle or man-in-the-browser attacks
- Downgrading a session by stripping SSL
- Using ARP poisoning through Subterfuge
- Hijacking an HTTP session through cookies
- Using hijacking defense tools: Zed Attack Proxy and Cain
- Service hijacking (DNS and SSH)
- Hijacking in the physical world: cars and drones