Thursday, 15 November 2012

Sniff Out Facebook Cookie and How to Avoid Being a Victim

0 comments




How to steal Facebook Authentication cookies

How to hack a Facebook account – or, basically how to hijack php sessions. Yes – this is old news – yes its a common vulnerability – but you get a better idea for what it is and how it works when things are explained in detail


Facebook like many sites operates using authentication cookies. Their auth cookies contain a variety of information, but for our purposes this is irrelevant. Here is a sanitized cookie for reference:

Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc; lsd=Xesut;lxe=greg.evans%40****************;c_user=100001230367821; lo=wl9fcGXMhPfoT4bAhKFP3Q;
lxs=1;sct=1276721745; xs=a615cfe596448194d6e2a8d062a90e4e


You can see the ‘lxe’ field is the login. We haven’t done any further research into what the various other fields mean, but using facebook without any kind of security you’re both leaking the email address used for your login and the session cookie.


  • First thing you’ll want to do is fire up your favorite packet capture application. For this example we’ve used Wireshark.
  • Next, set the filter in the top left to ” http.cookie contains “datr” “. This should show you only packets captured which contain the cookie we’re looking for. You can see that in this screenshot we’ve already captured a cookie.
  • Once you’ve found a suitable cookie, you can copy it into the buffer by right clicking on the cookie line, and clicking Copy -> Bytes (Printable Text Only)
  • Next you’ll want to open up firefox. You’ll need both greasemonkey and the cookieinjector script. Simply browse to facebook – make sure you are not logged in. (If you still don't have greasemonkey and cookie injector, you can get it from [HERE])
  • Hit ALT-C to bring up the cookie injector dialog box
  • Then paste in the cookie!
  • Hit refresh and – You’re now logged in as your victim! Now this doesn’t give you access to their credentials, this is about the equivalent to walking up to their workstation while they’re away from their desk and using facebook.

VIDEO TUTORIAL






How to Avoid From Being a Victim

That it is VERY EASY to protect yourself against this sort of attack. Facebook supports HTTPS, so when you browse facebook (or twitter for that matter) or if you have it bookmarked – please make sure you’re using HTTPS:// rather than HTTP:// in the URL at the very least, if not using a VPN solution for further encryption. Also, if the ‘victim’ logs out of facebook, the attackers session becomes invalid – so it’s a good practice to actually log out of facebook and log back in again rather than using the ‘remember me’ checkbox.


credit to : atenlabs.com, 



Comments

0 comments to "Sniff Out Facebook Cookie and How to Avoid Being a Victim"

Post a Comment

 

Copyright 2013 All Rights Reserved Customize Revolution Theme by matafungsi