Description: Surfjack is the name given to an attack that allows a man in the middle to hijack session cookies even when the victim is making use of SSL instead of plaintext HTTP. This video shows the tool being demonstrated against a Gmail account. The proof of concept tool (also called surfjack) is able to work on both Ethernet by making use of ARP cache poisoning, and WiFi in monitor mode. Although Gmail somehow fixed the issue by setting the cookies to "secure", many other sites are still vulnerable.
A detailed paper on the Surfjack attack is available here and the tool can be downloaded from here.
Tags: tools ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.