Lab 10.2.11 Hijack a Web Session [WLOs: 1, 2, 3, 4, 5] [CLOs: 1, 2, 3]

 

Complete this lab as follows:

1. On IT-Laptop, open Terminal from the sidebar.
2. At the prompt, type host office1 and press Enter to get the IP address of Office1.
3. Type route and press Enter to get the gateway address.
4. Use Ettercap to sniff traffic between Office1 and the gateway as follows:
   1. From the Favorites bar, open Ettercap.
   2. Maximize the window for easier viewing.
   3. Select Sniff > Unified sniffing.
   4. From the Network Interface drop-down list, select enp2s0.
   5. Click OK.
   6. Select Hosts > Scan for hosts.
   7. Select Hosts > Host list.
      We want to target information between Office1 (192.168.0.33) and the gateway (192.168.0.5).
   8. Under IP Address, select 192.168.0.5.
   9. Select Add to Target 1.
   10. Select 192.168.0.33.
   11. Select Add to Target 2.
5. Initiate a man-in-the-middle attack as follows:
   1. Select Mitm > ARP poisoning.
   2. Select Sniff remote connections.
   3. Click OK. You are ready to capture traffic.
6. On Office1, log in to the employee portal on rmksupplies.com as follows:
   1. From the top navigation tabs, select Floor 1 Overview.
   2. Under Office 1, select Office1.
   3. From the taskbar, open Chrome.
   4. Maximize the window for easier viewing.
   5. In the URL field, enter rmksupplies.com.
   6. Press Enter.
   7. At the bottom of the page, select Employee Portal.
   8. In the Username field, enter bjackson.
   9. In the Password field, enter $uper$ecret1.
   10. Click Login.
       You are logged into the portal as Blake Jackson.
7. On IT-Laptop, copy the session ID detected in Ettercap as follows:
   1. From the top navigation tabs, select Floor 1 Overview.
   2. Under IT Administration, select IT-Laptop.
   3. In the Ettercap console, find bjackson's username, password, and session cookie (.login) captured in Ettercap.
   4. Highlight the session ID.
   5. Press Ctrl + C to copy.
8. On Office2, go to rmksupplies.com and use the cookie editor plug-in to inject the session ID cookie as follows:
   1. From the top navigation tabs, select Floor 1 Overview.
   2. Under Office 2, select Office2.
   3. From the taskbar, open Chrome.
   4. Maximize the window for easier viewing.
   5. In Chrome's URL field, enter rmksupplies.com.
   6. Press Enter.
   7. In the top right corner, select cookie to open the cookie editor.
   8. At the top, select the plus + sign to add a new session cookie.
   9. In the Name field, enter .login
   10. In the Value field, press Ctrl + V to paste in the session cookie you copied from Ettercap.
   11. Make sure rmksupplies.com is in the Domain field.
   12. Select the green check mark to save the cookie.
   13. Click outside the cookie editor to close the editor.
9. At the bottom of the rkmsupplies page, select Employee Portal.
   You are now on Blake Jackson's web session.