Transcript of Facebook
Hacking Facebook
Stefan FODOR (backb0ne fl00d3r)
17th of May
Vlad ZAHAN
Overview
Cookie jar
Man-in-the-middle attack
Hacking no 1 (ARP poisoning)
Hacking no 2 (Firesheep)
XSS
Facebook applications
Hacking no 3 (XSSing)
Questions?
Web-Cookies
Text stored on user's computer by a browser
Save user's preferences: language, location
Login information: logged in or not, last login, autologin (remember me box)
Cookie jar
Man-in-the-middle attack
Hacking no 1
ARP Poisoning
Wireshark authentication cookies
Modify existing cookies
Refresh the page
Wanna see a demo?
Dmesg messages from kernel
Firesheep
XSS
Aka Cross-site scripting
Security vulnerability of web applications
Inject code into the webpage
Facebook application
Apps loaded into Facebook page
Created by third-parties
Some sort of social-coding?
Facebook apps are ...
Incredible
Useful
Fun
Entertaining
Challenging
...vulnerable to XSS!
XSSing Facebook
http://apps.facebook.com/flixville/search/?locale=US&searchText=%22%3E%3Cfont%20size=70%20color=red%3EStefan%20said:%20Greetings%20Morten!
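Added example, not part of the original slides: the searchText value in the URL above decodes to markup that closes a quoted attribute and opens a new tag. The code assumes, hypothetically, that the app echoed searchText into an input value attribute (the app's real markup is not shown on the slides) and compares the raw echo with an HTML-escaped one.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# URL copied from the slide; searchText carries URL-encoded markup.
SLIDE_URL = ("http://apps.facebook.com/flixville/search/?locale=US&searchText="
             "%22%3E%3Cfont%20size=70%20color=red%3EStefan%20said:%20Greetings%20Morten!")


def search_text(url):
    """Return the decoded searchText query parameter."""
    return parse_qs(urlsplit(url).query)["searchText"][0]


# Hypothetical templates (assumption): stand-ins for the app's search page.
def render_unsafe(value):
    # Raw concatenation: a '"' in value ends the attribute early.
    return '<input name="searchText" value="' + value + '">'


def render_escaped(value):
    # escape() encodes & < > and, with quote=True, both quote characters.
    return '<input name="searchText" value="' + escape(value, quote=True) + '">'


class TagCollector(HTMLParser):
    """Records every start tag an HTML parser finds in a fragment."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(fragment):
    collector = TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    payload = search_text(SLIDE_URL)
    print("decoded searchText:", payload)
    print("tags, raw echo:    ", tags_in(render_unsafe(payload)))
    print("tags, escaped echo:", tags_in(render_escaped(payload)))
```

With the raw echo the parser sees an extra font element that came from the query string; with escaping the whole value stays inside the input's attribute.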
In theory...
Make a cookie stealing app
Send it to a server
Store the cookies
Have fun!
In theory this should work...
Questions?