Session Hijacking Visual Exploitation v1.1 releases
Session Hijacking Visual Exploitation
Session Hijacking Visual Exploitation is a tool that allows for the hijacking of user sessions by injecting malicious JavaScript code.
Installation
Prerequisites
To run Session Hijacking Visual Exploitation, you will need to have the following software installed:
- Node.js (version 19.0.0 is recommended due to compatibility issues with newer versions)
- npm
- nvm (Node Version Manager, recommended for easily switching between Node.js versions)
Server Installation
To install the server, follow these steps:
- Clone the repository from GitHub:
git clone git@github.com:doyensec/Session-Hijacking-Visual-Exploitation.git
- Navigate to the server directory:
cd Session-Hijacking-Visual-Exploitation/server
- Install the server dependencies:
npm install
Client Installation
Session Hijacking Visual Exploitation provides pre-compiled client applications, which you can download directly from the GitHub releases. If you want to compile the application yourself or develop further, follow these steps:
Direct Download:
- Go to the Releases section of the GitHub repository.
- Download the suitable package for your OS.
- Install the application as you would with any other software on your OS.
Compile & Build Using Electron Builder:
-
Clone the repository:
git clone git@github.com:doyensec/Session-Hijacking-Visual-Exploitation.git
-
Navigate to the client directory:
cd Session-Hijacking-Visual-Exploitation/client
-
Install client dependencies:
npm install
-
Build the application for your OS:
npm run pack
This will generate executable files for your Operative System. The resulting files will be in the dist directory.
Node.js Version Recommendation
Due to compatibility issues with recent Node.js versions, we recommend using Node.js version 19.0.0. You can easily switch to this version using nvm:
-
Install nvm by following the instructions here.
-
After installing nvm, install and use Node.js version 19.0.0:
nvm install 19.0.0
nvm use 19.0.0
Usage
To use Session Hijacking Visual Exploitation, follow these steps:
- Start the server:
cd Session-Hijacking-Visual-Exploitation/server
npm start
The first time the server starts, it will require an initial setup. Follow the provided steps for configuration
-
Start the client:
-
Log in with the previously created user (it will be required during the configuration)
-
On the client, use the button to download the certificate and install it
-
Inject the malicious JavaScript in the browser (You can obtain the script in the payloads page)
Configuration
We provide several options for configuration:
- npm run createUser: Create a new user
- npm run regenerateToken: Regenerate the token used for JWT signatures
- npm run setConfig: Establish server ports and specify whether SSL will be used. If SSL is to be used, add the privateKey.pem and certificate.pem files to the files directory
Modes
On the tool, you will notice there are two different modes:
- Interactive: It will allow you to access the different websites using the victim browser’s security context
- Visual: It will show you what the victim is seeing and doing in the hooked browser
Source: https://github.com/doyensec/