
Hi everyone. I'm writing a thesis on the Facebook Connect implementation and on its vulnerability issues.

Since it's for educational purposes, it's important for me to simulate a sidejacking attack. I've used this configuration: one VBox guest machine (WinXP) acting as client and one VBox host machine (openSUSE) acting as connection gateway (on which Wireshark is sniffing packets).


  • On the guest machine, after having flushed cookies and browser history, I shared a YouTube video on my FB profile through FB Connect, while on the host I recorded network traffic. After that, I just closed the browser (not logged out), moved to the host, and filtered the traffic for packets that contain HTTP cookies related to the user session.
  • After that, I tried, on the host, to share a YT video on FB using these captured cookies. For that purpose I used the Cookie Manager+ FF extension. Anyway, this trick doesn't work and my credentials (not my name, but my password, yes) are still needed. I'm sure that I can use the cookies usefully, but I don't know how in practice. I'd like to know from you which cookies have to be injected and also which other parts of the request (e.g. query string) have to be inserted, so that this attack is effective. I've tried other tools (Firesheep, py-cookieJsInjection, Hamster and Ferret) that help to make this process straightforward, but none of these helped.

Thanks, Luke

asked 28 May '11, 10:06 by lordluke80 (accept rate: 0%)


question was seen: 7,025 times

last updated: 28 May '11, 10:06
