This article covers session hijacking with cookies to bypass the login and get into a Facebook account on the same LAN. First, prepare the tools. You can use any OS, but I recommend BackTrack (Linux) because everything we need is included in it:
1. Nmap for network mapping
2. Wireshark for packet analysis
3. Mozilla Firefox as the browser
4. Greasemonkey (add-on for Firefox)
5. Cookies Injector from Userscripts.org (JavaScript code for Greasemonkey)
For this article I simulate the victim's system in VirtualBox. The first step is to scan the network with nmap, but before that we need to know our own IP address: run ifconfig (Linux) in a terminal or ipconfig (Windows) in cmd.
Once we know our IP address we can scan the network (a LAN with normal security settings) with nmap.
Once we know the target's IP address we can open Wireshark and hunt for cookies on the LAN.
I choose the wlan interface because I am connected to the network over WiFi; this opens Wireshark on the wireless interface.
After the capture starts on the wlan interface, type http.cookie in the Wireshark filter bar. This shows only HTTP packets that contain a cookie; cookies carried inside HTTPS are not visible to this filter. If this works, look for a packet whose Facebook cookie contains "datr" and whose source is the target's IP address (192.168.1.3).
Right-click the cookie and choose Copy > Bytes > Printable Text Only.
Go to the Facebook login page in our Firefox, which has been customized with Greasemonkey and the script.
Press ALT+C to pop up the cookies injector and paste the cookie data into it.
After writing the cookie into our browser, refresh the page; this is the result.
And this is the view from the victim's side.
With this session the attacker can use the account like its real owner for as long as the victim stays active, because when the victim logs out the session expires and the attacker is forced to log out too.
Tips to avoid becoming a victim
* When you use the Internet on a public network, make sure your network channel is safe from sniffers (Ettercap, Cain & Abel, etc.); check the ARP table with the command arp -a
* Use a tool that protects your channel on the LAN (Tuxcut in "protect me" mode, or AntiNetcut)
* Renew your cookies as often as possible
* Use a private network
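
The ARP-table check from the first tip can be scripted. The Python below is an added example, not part of the original post; the sample outputs are constructed and the function names are hypothetical. It parses arp -a output in both the Linux and Windows formats and reports any unicast MAC address that answers for more than one IP address, which is how the table typically looks while a sniffer on the LAN is poisoning ARP.

```python
import re
import subprocess
from collections import defaultdict

# Constructed sample outputs (not captured from a real network).
LINUX_SAMPLE = """\
_gateway (192.168.1.1) at 00:11:22:33:44:55 [ether] on wlan0
? (192.168.1.3) at 00:11:22:33:44:55 [ether] on wlan0
? (192.168.1.7) at 66:77:88:99:aa:bb [ether] on wlan0
? (192.168.1.9) at <incomplete> on wlan0
"""
WINDOWS_SAMPLE = """\
Interface: 192.168.1.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.3           66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})\b")

def parse_arp(text):
    """Return {mac: set(ips)} for the unicast entries in `arp -a` output."""
    table = defaultdict(set)
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header lines and <incomplete> entries carry no pair
        norm = mac.group(1).lower().replace("-", ":")
        if int(norm[:2], 16) & 1:
            continue  # broadcast/multicast MACs legitimately map to many IPs
        table[norm].add(ip.group(1))
    return table

def suspicious(text):
    """MACs that answer for more than one IP address."""
    return {m: sorted(ips) for m, ips in parse_arp(text).items() if len(ips) > 1}

if __name__ == "__main__":
    # Check the live table of the machine this runs on.
    out = subprocess.run(["arp", "-a"], capture_output=True, text=True).stdout
    for mac, ips in suspicious(out).items():
        print(f"WARNING: {mac} answers for {', '.join(ips)}")
```

A hit is a prompt to investigate, not proof: a router or a host with several addresses can legitimately show one MAC for multiple IPs. The case to worry about is the gateway's IP sharing a MAC with another host on the LAN.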