Hacking Facebook. Stefan FODOR (backb0ne fl00d3r) and Vlad ZAHAN, 17th of May
Facebook

It Security demonstration - Hacking Facebook using Man-in-the-middle attack and XSS

  • Dmesg – messages from kernel
  • Facebook

  • Hacking Facebook (Stefan FODOR (backb0ne fl00d3r), Vlad ZAHAN, 17th of May)
  • Overview
      • Cookie jar
      • Man-in-the-middle attack
      • Hacking no 1 (ARP poisoning)
      • Hacking no 2 (Firesheep)
      • XSS
      • Facebook applications
      • Hacking no 3 (XSSing)
      • Questions?
  • Web-Cookies
      • Text stored on user's computer by a browser
      • Save user's preferences
          • Language
          • Location
      • Login information
          • Login or not
          • Last login
          • Autologin (“remember me” box)
  • Cookie jar
  • Man-in-the-middle attack
  • Hacking no 1
      • ARP poisoning
      • Wireshark authentication cookies
      • Modify existing cookies
      • Refresh the page
      • Wanna see a demo?
  • Firesheep
  • XSS
      • Also known as cross-site scripting
      • Security vulnerability of web applications
      • Inject code into the webpage
  • Facebook application
      • Apps loaded into Facebook page
      • Created by third parties
      • Some sort of social-coding?
  • Facebook apps are ...
      • Incredible
      • Useful
      • Fun
      • Entertaining
      • Challenging
  • ...vulnerable to XSS!
  • XSSing Facebook
      • http://apps.facebook.com/flixville/search/?locale=US&searchText=%22%3E%3Cfont%20size=70%20color=red%3EStefan%20said:%20Greetings%20Morten!
  • In theory...
      • Make a cookie stealing app
      • Send it to a server
      • Store the cookies
      • Have fun!
      • In theory this should work...
  • Questions?