Surf Jack – Cookie Session Stealing Tool


A tool which allows one to hijack HTTP connections to steal cookies – even ones on HTTPS sites! Works on both Wifi (monitor mode) and Ethernet.

Features:

  • Does Wireless injection when the NIC is in monitor mode
  • Supports Ethernet
  • Support for WEP (when the NIC is in monitor mode)

Known issues:

  • Sometimes the victim is not redirected correctly (particularly seen when targeting Gmail)
  • Cannot stop the tool via a simple Control^C. This is a problem with the proxy

Requires:

You can download Surf Jack here:

surfjack-0.2b.zip

Or read more here.

Posted in: Hacking Tools, Web Hacking

, , ,


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


2 Responses to Surf Jack – Cookie Session Stealing Tool

  1. SpikyHead September 21, 2008 at 6:50 am #

    Well have used almost every tool based on Scapy and realy liked it. So should check this one out too..

    Moreover, It seems like a very useful tool…

  2. Goodpeople September 22, 2008 at 7:17 am #

    It’s fairly easy to program you way around threats like this. Just include the destination MAC address in the cookie when you send it out (encrypted of course) and check it against the originating MAC address while reading the cookie back in..