Friday, 15 December 2017

SESSION HIJACKING ANY ACCOUNT [ANDROID] Login Session Hijacking Of Any Account Using Android Smartphone.


Disclaimer: Login Session Hijacking is illegal without mutual consent. This tutorial is just for educational purposes. Tech gyan will not be responsible for anything you do.



Understanding Session Hijacking/Cookie Hijacking



Session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid account login session (sometimes also called a session key) to gain access to the account.


What are Cookies? – A cookie is a data packet sent from a website and stored in the web browser while the user is browsing. Cookies store data such as items added to the shopping cart in an online store, or record the user’s browsing activity (including clicking particular buttons, logging in, or which pages were visited in the past). They can also be used to store data that the user previously entered, such as names, addresses, passwords, and credit card numbers.

Session Side Hijacking – Using packet sniffing to read data between the browser and the website to steal the session cookie. In this tutorial, we will use this method to hijack login sessions.


Session Hijacking Using Android Smartphone



Prerequisites: the attacker and the victim must be on the same WiFi network. Before anything else, connect to the WiFi network on which you want to hijack other people's sessions.





  • Once you have installed the app, tap it open and give it the necessary permissions.

  • Once inside the app, tap “Radar” in the top left corner to start scanning for all the devices connected to the network.

  • After scanning, it will show a list of all connected devices (tap any device you want to hijack and hit the arrow at the top right).







Scan Devices, Select Device, Hit The Arrow



On the next screen you will see a “Settings Gear” at the top right. Tap it and tick “Resurrection” and “SSL Strip” (as shown in the image below).




settings menu





Tap the Nuclear icon at the top left and hit the “Play Triangle” beneath it (this will initiate interception).



initializing the interception


Now hit the “Shark Fin” icon to the right of the Nuclear icon; inside it, tap the “Play Triangle” to start capturing the data packets.




start capturing data packets


Let’s Hunt For Session Cookies Now.


Now we are all set to start capturing cookies. For demonstration purposes, I will show it by stealing a session cookie from my Windows PC to Android.
Okay, so now I will log in to my account on a website on my Windows PC, and let’s see how that works.





Now head over to the Globe icon in Intercepter-NG; there you will see the list of captured cookies. Tap the web link (near the IP address) to break inside the account using the session key.





captured session cookies


Once you have tapped the web link, an in-app web browser will open and you will be logged in to the victim’s account.
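From the defender's side, the capture shown in this tutorial depends on the session cookie crossing the shared network in clear text. The Python code below is an added example, not part of the original post: it audits a site's response headers for the settings that prevent this (the cookie's Secure attribute and HSTS, plus HttpOnly). The header lists are constructed samples and the function names are assumptions.

```python
# Added example: audit response headers for the settings that keep a session
# cookie off plain HTTP. Both sample responses below are constructed.

WEAK_RESPONSE = [  # constructed: cookie set with no protective attributes
    ("Set-Cookie", "PHPSESSID=4f2a9c; Path=/"),
    ("Content-Type", "text/html"),
]
HARDENED_RESPONSE = [  # constructed: the same site after hardening
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "__Host-sid=4f2a9c; Path=/; Secure; HttpOnly; SameSite=Lax"),
]


def cookie_attributes(set_cookie_value):
    """Return (cookie name, set of lowercased attribute names)."""
    first, *rest = [p.strip() for p in set_cookie_value.split(";")]
    name = first.split("=", 1)[0]
    return name, {p.partition("=")[0].strip().lower() for p in rest if p}


def audit(headers):
    """List findings that leave a session cookie exposed on a shared network."""
    findings = []
    max_age = 0
    for key, value in headers:
        if key.lower() != "strict-transport-security":
            continue
        for directive in value.split(";"):
            name, _, val = directive.strip().partition("=")
            if name.lower() == "max-age" and val.strip('"').isdigit():
                max_age = int(val.strip('"'))
    if max_age <= 0:  # max-age=0 tells the browser to forget the HSTS policy
        findings.append("no HSTS: browser can be downgraded to http:// (SSL strip)")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = cookie_attributes(value)
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure, cookie is sent over plain HTTP")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly, cookie readable by page scripts")
    return findings


if __name__ == "__main__":
    print(audit(WEAK_RESPONSE), audit(HARDENED_RESPONSE))
```

Browsers honor the Strict-Transport-Security header only when it arrives over HTTPS, so run the audit against the site's HTTPS responses.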
