Hijacking Session Cookies using Surfjack

Surfjack is the name given to an attack that allows a man in the middle to hijack session cookies even when the victim is making use of SSL instead of plaintext HTTP. This video shows the tool being demonstrated against a Gmail account. The proof of concept tool (also called surfjack) is able to work on both Ethernet by making use of ARP cache poisoning, and WiFi in monitor mode. Although Gmail somehow fixed the issue by setting the cookies to "secure", many other sites are still vulnerable.

A detailed paper on the Surfjack attack is available here and the tool can be downloaded from here.

Sandro Gauci is the owner and Founder of EnableSecurity (www.enablesecurity.com) where he performs R&D and security consultancy for mid-sized companies. Sandro has over 8 years experience in the security industry and is focused on analysis of security challenges and providing solutions to such threats. His passion is vulnerability research and has previously worked together with various vendors such as Microsoft and Sun to fix security holes.

Sandro is the author of the free VoIP security scanning suite SIPVicious (sipvicious.org) and VOIPPACK for CANVAS.