Enviar pesquisa
Carregar
Facebook
•
0 gostou
•
502 visualizações
Stefan Fodor
Seguir
It Security demonstration - Hacking Facebook using Man-in-the-middle attack and XSS
Leia menos
Leia mais
Tecnologia
Diversão e humor
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 15
Baixar agora
Baixar para ler offline
Recomendados
Simple Two Factor Authentication
Simple Two Factor Authentication
John Congdon
social engineering
social engineering
Harri Levo
Facebook Password Sniper
Facebook Password Sniper
hellishyard9256
Coding Gateway - Exam Stefan
Coding Gateway - Exam Stefan
Stefan Fodor
Collaboration Tools and Methods in Software Development
Collaboration Tools and Methods in Software Development
Stefan Fodor
PacMan Rebourn
PacMan Rebourn
Stefan Fodor
Attack of the BEAST
Attack of the BEAST
Stefan Fodor
Risk assesment IT Security project
Risk assesment IT Security project
Stefan Fodor
Recomendados
Simple Two Factor Authentication
Simple Two Factor Authentication
John Congdon
social engineering
social engineering
Harri Levo
Facebook Password Sniper
Facebook Password Sniper
hellishyard9256
Coding Gateway - Exam Stefan
Coding Gateway - Exam Stefan
Stefan Fodor
Collaboration Tools and Methods in Software Development
Collaboration Tools and Methods in Software Development
Stefan Fodor
PacMan Rebourn
PacMan Rebourn
Stefan Fodor
Attack of the BEAST
Attack of the BEAST
Stefan Fodor
Risk assesment IT Security project
Risk assesment IT Security project
Stefan Fodor
It Security Project
It Security Project
Stefan Fodor
Squash that Bug!
Squash that Bug!
Stefan Fodor
Protocols for Embedded Node
Protocols for Embedded Node
Stefan Fodor
Qualys Threads
Qualys Threads
Stefan Fodor
2FLogin
2FLogin
Stefan Fodor
Lillebaelt Academy - ro
Lillebaelt Academy - ro
Stefan Fodor
Ruby on Rails 3
Ruby on Rails 3
Stefan Fodor
Side channel attacks
Side channel attacks
Stefan Fodor
Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2
Stefan Fodor
dry_run_exam
dry_run_exam
Stefan Fodor
Logs
Logs
Stefan Fodor
Reconnaissance software
Reconnaissance software
Stefan Fodor
Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1
Stefan Fodor
Network proj 1.1
Network proj 1.1
Stefan Fodor
Network telnet ssh
Network telnet ssh
Stefan Fodor
Lunar
Lunar
Stefan Fodor
Hitchikers guide, rev3
Hitchikers guide, rev3
Stefan Fodor
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
LoriGlavin3
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
Neo4j
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
marketing932765
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
Farhan Tariq
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
itnewsafrica
Mais conteúdo relacionado
Mais de Stefan Fodor
It Security Project
It Security Project
Stefan Fodor
Squash that Bug!
Squash that Bug!
Stefan Fodor
Protocols for Embedded Node
Protocols for Embedded Node
Stefan Fodor
Qualys Threads
Qualys Threads
Stefan Fodor
2FLogin
2FLogin
Stefan Fodor
Lillebaelt Academy - ro
Lillebaelt Academy - ro
Stefan Fodor
Ruby on Rails 3
Ruby on Rails 3
Stefan Fodor
Side channel attacks
Side channel attacks
Stefan Fodor
Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2
Stefan Fodor
dry_run_exam
dry_run_exam
Stefan Fodor
Logs
Logs
Stefan Fodor
Reconnaissance software
Reconnaissance software
Stefan Fodor
Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1
Stefan Fodor
Network proj 1.1
Network proj 1.1
Stefan Fodor
Network telnet ssh
Network telnet ssh
Stefan Fodor
Lunar
Lunar
Stefan Fodor
Hitchikers guide, rev3
Hitchikers guide, rev3
Stefan Fodor
Mais de Stefan Fodor
(17)
It Security Project
It Security Project
Squash that Bug!
Squash that Bug!
Protocols for Embedded Node
Protocols for Embedded Node
Qualys Threads
Qualys Threads
2FLogin
2FLogin
Lillebaelt Academy - ro
Lillebaelt Academy - ro
Ruby on Rails 3
Ruby on Rails 3
Side channel attacks
Side channel attacks
Special Subject 1+2: RoR 2
Special Subject 1+2: RoR 2
dry_run_exam
dry_run_exam
Logs
Logs
Reconnaissance software
Reconnaissance software
Special Subject 1+2: RoR 1
Special Subject 1+2: RoR 1
Network proj 1.1
Network proj 1.1
Network telnet ssh
Network telnet ssh
Lunar
Lunar
Hitchikers guide, rev3
Hitchikers guide, rev3
Último
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
LoriGlavin3
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
Neo4j
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
marketing932765
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
Farhan Tariq
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
itnewsafrica
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Nikki Chapple
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
LoriGlavin3
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
LoriGlavin3
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
ThousandEyes
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
Hiroshi SHIBATA
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
LoriGlavin3
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
Bernd Ruecker
2024 April Patch Tuesday
2024 April Patch Tuesday
Ivanti
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
itnewsafrica
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
LoriGlavin3
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
Wes McKinney
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
LoriGlavin3
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
TopCSSGallery
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
Kaya Weers
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
Mydbops
Último
(20)
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
2024 April Patch Tuesday
2024 April Patch Tuesday
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
Facebook
1.
Hacking Facebook Stefan
FODOR(backb0ne fl00d3r ) 17 th of May Vlad ZAHAN
2.
3.
Man-in-the-middle-atack
4.
Hacking no 1
(ARP poisoning)
5.
Hacking no 2
(Firesheep)
6.
XSS
7.
Facebook applications
8.
Hacking no 3
(XSSing)
9.
Questions?
10.
11.
12.
13.
Last login
14.
Autologin (“remember me”
box)
15.
Cookie jar
16.
Men in the
middle attack
17.
18.
Wireshark authentication cookies
19.
Modify existing cookies
20.
Refresh the page
21.
Wanna see a
demo?
22.
Firesheep
23.
24.
Security vulnerability of
web applications
25.
Inject code into
the webpage
26.
27.
Created by third-parties
28.
Some sort of
social-coding?
29.
30.
Useful
31.
Fun
32.
Entertaining
33.
Challenging
34.
...vulnerable to XSS!
35.
XSSing Facebook http://apps.facebook.com/flixville/search/?locale=US&searchText=%22%3E%3Cfont%20size=70%20color=red%3EStefan%20said:%20Greetings%20Morten!
36.
37.
Send it to
a server
38.
Store the cookies
39.
Have fun!
40.
In theory this
should work...
41.
Questions?
42.
43.
http://codebutler.com/firesheep
44.
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
45.
http://www.xssed.com/mirror/59032/
Notas do Editor
Dmesg – messages from kernel
Baixar agora