IT security demonstration - Hacking Facebook using man-in-the-middle attack and XSS

  • Dmesg – messages from kernel

Transcript

  • 1. Hacking Facebook Stefan FODOR (backb0ne fl00d3r) 17th of May Vlad ZAHAN
  • 2. Overview
    • Cookie jar
    • 3. Man-in-the-middle attack
    • 4. Hacking no 1 (ARP poisoning)
    • 5. Hacking no 2 (Firesheep)
    • 6. XSS
    • 7. Facebook applications
    • 8. Hacking no 3 (XSSing)
    • 9. Questions?
  • 10. Web-Cookies
    • Text stored on user's computer by a browser
    • 11. Save user's preferences
    • Login information
        • Login or not
        • 13. Last login
        • 14. Autologin (“remember me” box)
  • 15. Cookie jar
  • 16. Man-in-the-middle attack
  • 17. Hacking no 1
    • ARP Poisoning
    • 18. Wireshark authentication cookies
    • 19. Modify existing cookies
    • 20. Refresh the page
    • 21. Wanna see a demo?
  • 22. Firesheep
  • 23. XSS
    • Aka Cross-site scripting
    • 24. Security vulnerability of web applications
    • 25. Inject code into the webpage
  • 26. Facebook application
    • Apps loaded into Facebook page
    • 27. Created by third-parties
    • 28. Some sort of social-coding?
  • 29. Facebook apps are ...
  • 34. ...vulnerable to XSS!
  • 35. XSSing Facebook http://apps.facebook.com/flixville/search/?locale=US&searchText=%22%3E%3Cfont%20size=70%20color=red%3EStefan%20said:%20Greetings%20Morten!
  • 36. In theory...
    • Make a cookie stealing app
    • 37. Send it to a server
    • 38. Store the cookies
    • 39. Have fun!
    • 40. In theory this should work...
  • 41. Questions?
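
Both demonstrations in the deck end with an attacker holding a login cookie: sniffed off the wire in the ARP poisoning and Firesheep slides, or read by injected script in the XSS slides. The check below is an added example, not part of the original slides. It audits `Set-Cookie` headers for the two flags that close those paths. The header values, cookie names and the `SENSITIVE_HINTS` list are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Constructed sample response headers (not captured from any real site).
SAMPLE_SET_COOKIE = [
    "session_id=abc123; Path=/",
    "auth_token=def456; Path=/; Secure",
    "sid=ghi789; Path=/; Secure; HttpOnly",
    "locale=en_US; Path=/",
]

# Assumption: substrings that suggest a session or login cookie.
SENSITIVE_HINTS = ("sess", "sid", "auth", "token", "login")

# Flag -> what its absence exposes, mapped to the two attacks in the slides.
RISK = {
    "Secure": "sent over plain HTTP, so an on-path sniffer can read it",
    "HttpOnly": "readable via document.cookie by script injected through XSS",
}


def missing_flags(header_value):
    """Map each session-like cookie in one Set-Cookie value to its missing flags."""
    jar = SimpleCookie()
    jar.load(header_value)
    result = {}
    for name, morsel in jar.items():
        if not any(hint in name.lower() for hint in SENSITIVE_HINTS):
            continue  # preference cookies such as locale are out of scope
        # Morsel stores flag attributes under lowercase keys; "" means absent.
        missing = [flag for flag in RISK if not morsel[flag.lower()]]
        if missing:
            result[name] = missing
    return result


def audit(headers):
    """Audit a list of Set-Cookie header values and merge the findings."""
    report = {}
    for value in headers:
        report.update(missing_flags(value))
    return report


if __name__ == "__main__":
    for name, flags in audit(SAMPLE_SET_COOKIE).items():
        for flag in flags:
            print(f"{name}: missing {flag} ({RISK[flag]})")
```

`Secure` only helps when the whole session is served over HTTPS, and `HttpOnly` does not fix the XSS flaw itself, so output encoding of reflected parameters is still required.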