
Monday 16 March 2015

Hacking Facebook accounts using Cookie Stealing and Session Hijacking

Authentication Cookies used by Facebook:

The cookie which Facebook uses to authenticate its users is called "datr". If an attacker can get hold of your authentication cookie, all he needs to do is inject that cookie into his own browser and he will gain access to your account, because the site trusts whoever presents the cookie, not the person who originally logged in.

This is what a Facebook authentication cookie looks like:

datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;

An attacker may use a variety of methods to steal your Facebook authentication cookie, depending on the network he is on:

If the attacker is on a hub-based network, he would just sniff traffic with any ***Packet Sniffer*** and gain access to the victim's account.
If the attacker is on a switch-based network, he would use ***ARP Poisoning*** to redirect traffic through his machine and capture the authentication cookie.
If the attacker is on a wireless network, he uses a tool called ***FIRESHEEP*** to capture the authentication cookie and gain access to the victim's account.

In the example below I will explain, in simple steps, how an attacker can capture your authentication cookie and hack into your Facebook account with Wireshark. Every one of these steps only works because the cookie travels over plain, unencrypted HTTP.

Step 1 - First of all, download Wireshark from the official website and install it.

Step 2 - Next, open up Wireshark, click on Capture and then click on Interfaces.

Step 3 - Next, choose the appropriate interface and click on Start.

Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10 minutes, stop the packet sniffing by going to the Capture menu and clicking on Stop.

Step 6 - In the filter bar at the top left, enter a filter for cookies containing "datr". This filter will show all the HTTP cookies with the name datr, and datr, as we know, is the name of the Facebook authentication cookie.

Step 7 - Next, right-click on the matching packet and go to Copy - Bytes - Printable Text Only.

Step 8 - Next, you'll want to open up Firefox. You'll need both Greasemonkey and the cookieinjector script. Now open up Facebook.com and make sure that you are not logged in.

Step 9 - Press Alt+C to bring up the cookie injector and simply paste the cookie value into it.

Step 10 - Now refresh your page and... BINGO... you are logged in to the victim's Facebook account.

Now comes the important part!

HOW TO PROTECT YOUR ACCOUNT?

Well, the best way to protect yourself against a session hijacking attack is to use an "https://" connection each and every time you log in to any of your accounts on Facebook, Gmail, Yahoo or any other email service. Your cookies would then travel over an encrypted connection, so even if an attacker manages to capture your traffic he won't be able to read or reuse your session cookies. Also avoid using unwanted apps in Facebook. Keep changing your password frequently. Use tough passwords which are hard to guess, with a combination of uppercase and lowercase characters and symbols in between, to make the password very strong.
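The HTTPS advice above has a server-side counterpart: a site can refuse to ever send its session cookie over plaintext HTTP by marking it Secure (and HttpOnly, and SameSite) and by enabling HSTS, so a sniffer on the same network never sees the cookie the attack in the steps above depends on. The following audit script is an added example written for this post, not code from the original post or from Facebook; the response headers it checks are constructed samples, and the cookie name "datr" and its value are placeholders taken from the text rather than real session data.

```python
"""Audit HTTP response headers for the cookie defences that stop session
hijacking by network sniffing.

Added example (not from the original post). For every Set-Cookie header it
checks the Secure, HttpOnly and SameSite attributes, and it checks that the
response enables HSTS; a cookie missing Secure is exactly the kind a
packet sniffer can read and replay.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    cookie: str   # cookie name, or "*" for a response-wide problem
    problem: str  # human-readable description of the weakness


def parse_set_cookie(header_value):
    """Split 'name=value; Attr; Attr=val' into (name, {attr_lower: val})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_headers(headers):
    """headers: list of (name, value) tuples as the server sends them.

    Returns a list of Finding objects; an empty list means every cookie is
    confined to HTTPS and the browser is told to stay on HTTPS.
    """
    findings = []
    present = {name.lower() for name, _ in headers}
    if "strict-transport-security" not in present:
        findings.append(Finding(
            "*", "no Strict-Transport-Security header: the browser may still "
                 "talk plaintext HTTP to this host"))
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(Finding(
                cookie, "missing Secure: cookie is also sent over plaintext "
                        "HTTP, where a sniffer can capture it"))
        if "httponly" not in attrs:
            findings.append(Finding(
                cookie, "missing HttpOnly: cookie is readable by page scripts"))
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(Finding(
                cookie, "SameSite not Lax or Strict: cookie rides along on "
                        "cross-site requests"))
    return findings


def hardened_set_cookie(name, value, max_age=3600):
    """Build a Set-Cookie value that never leaves an HTTPS connection."""
    return (f"{name}={value}; Path=/; Max-Age={max_age}; "
            f"Secure; HttpOnly; SameSite=Lax")


# Constructed sample responses. WEAK is the configuration the sniffing attack
# relies on; HARDENED is the same cookie issued with the defences in place.
# "EXAMPLE_SESSION_VALUE" is a placeholder, not a real cookie value.
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "datr=EXAMPLE_SESSION_VALUE; Path=/"),
]
HARDENED_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", hardened_set_cookie("datr", "EXAMPLE_SESSION_VALUE")),
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE),
                            ("hardened", HARDENED_RESPONSE)):
        print(f"== {label} ==")
        for finding in audit_headers(response):
            print(f"  {finding.cookie}: {finding.problem}")
```

Running it lists four problems for the weak response (no HSTS, and the datr cookie lacking Secure, HttpOnly and SameSite) and none for the hardened one. The Secure attribute is the one that directly defeats the sniffing in the steps above; HSTS closes the gap where a user types the site name without "https://" and the first request goes out in the clear.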


Karan Chauhan