Friday, November 17, 2017

Facebook Session Hijacking Fun With Your Friend's Facebook Account


In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer.
Source: Wikipedia
So that's a brief about session hijacking from Wikipedia, and now it's time for the fun part. Let's plot this like a story. You're engaged in a titanic battle with your good friend and mortal enemy, over that girl you both met during your college techfest. Last week he went too far, and did something which literally gained him the upper hand with her. And you don't wanna talk about that. You're now officially at war.
You have to hit him where it hurts. You have to gain access to his Facebook account. It's now 3.00pm, afternoon break. He has gone to make a sandwich, and has made the fatal error of forgetting to lock his computer. You have discovered that all you need is a little time with his laptop's Facebook session. And this is the best opportunity you're ever going to get.
Your research suggests that he usually favors a chicken roll and a cup of coffee for his late afternoon snacks, and that you most likely have 2 minutes alone with his computer, perhaps 3 if he has trouble getting his order, which you strategically arranged to be late. Game on.


The Cookie Toss

You've trained for this moment for days, but even 3 minutes is not enough time to execute your entire plan end-to-end. You keep calm. You can use this small window of opportunity to throw his Facebook session from his laptop onto yours, then continue with the next phase right under his oblivious nose.
His session is in his browser cookies. You get his facebook.com cookies, you get his session.
The problem is that opening the developer console and throwing down some JavaScript only gives you 6 of the 11 cookies set by Facebook. The other 5, the ones with the session data that you actually care about, are all marked httponly and are completely inaccessible to JavaScript. The clock is ticking. Chrome stores its cookies in a sqlite3 database. But they're encrypted.

The Gameplay

Jezwin Varghese-Techmidroid

There's this handy little Chrome extension called EditThisCookie. This extension is able to export and import cookies with incredible speed, since Chrome extensions have access to all cookies, even those marked httponly. You quickly install it, hit Export and email yourself the JSON-serialized cookies. You uninstall it and delete the browser history to avoid arousing suspicion. You fire up your laptop, import these cookies using the same extension, and hit facebook.com. You have access. As long as your friend doesn't log out and expire your now shared session, the gameplay is complete.
He comes back, enormous sandwich in hand. But it's too late. You're in.
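
Seen from the server side, the shared session described above shows up as one session ID arriving from two different clients at nearly the same time. The following is an added example, not part of the original post, that flags this in access logs; the log format, function name, sample records and the 10-minute window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access-log records: (ISO timestamp, session id, client IP, User-Agent)
SAMPLE_LOG = [
    ("2017-11-17T15:00:05", "sess-A", "10.0.0.21", "Chrome/62 Windows"),
    ("2017-11-17T15:01:40", "sess-A", "10.0.0.21", "Chrome/62 Windows"),
    ("2017-11-17T15:04:10", "sess-A", "10.0.0.57", "Chrome/62 Mac OS X"),  # second device
    ("2017-11-17T15:04:30", "sess-A", "10.0.0.21", "Chrome/62 Windows"),   # first still active
    ("2017-11-17T15:02:00", "sess-B", "10.0.0.30", "Firefox/57 Linux"),
    ("2017-11-17T18:30:00", "sess-B", "10.0.0.99", "Firefox/57 Linux"),    # new IP hours later
]

WINDOW = timedelta(minutes=10)  # assumed threshold for "at the same time"


def find_shared_sessions(records, window=WINDOW):
    """Return {session_id: sorted fingerprints} for every session that was
    presented by more than one (IP, User-Agent) pair within `window`."""
    last_seen = defaultdict(dict)  # session id -> {fingerprint: last timestamp}
    flagged = defaultdict(set)
    # ISO timestamps sort lexicographically, so sorting the tuples orders by time.
    for ts, sid, ip, ua in sorted(records):
        now = datetime.fromisoformat(ts)
        fingerprint = (ip, ua)
        for other, seen in last_seen[sid].items():
            # A different client used this session recently: two live holders.
            if other != fingerprint and now - seen <= window:
                flagged[sid].update({fingerprint, other})
        last_seen[sid][fingerprint] = now
    return {sid: sorted(fps) for sid, fps in flagged.items()}


if __name__ == "__main__":
    for sid, clients in find_shared_sessions(SAMPLE_LOG).items():
        print(f"{sid}: session cookie in use by {len(clients)} clients")
        for ip, ua in clients:
            print(f"    {ip}  {ua}")
```

A hit is a reason to invalidate the session and ask for the password again; `sess-B` is not flagged because its IP change happens hours after the first client went quiet, which looks like ordinary roaming.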




Hope you guys enjoyed this post. Subscribe to our newsletter for the latest updates in technology and hacking.

