Facebook
Stefan Fodor
IT Security demonstration - Hacking Facebook using a man-in-the-middle attack and XSS
Facebook
1. Hacking Facebook. Stefan FODOR (backb0ne fl00d3r), 17th of May, Vlad ZAHAN
2.
3. Man-in-the-middle attack
4. Hacking no 1 (ARP poisoning)
5. Hacking no 2 (Firesheep)
6. XSS
7. Facebook applications
8. Hacking no 3 (XSSing)
9. Questions?
10.
11.
12.
13. Last login
14. Autologin (“remember me” box)
15. Cookie jar
16. Man-in-the-middle attack
17.
18. Wireshark authentication cookies
19. Modify existing cookies
20. Refresh the page
21. Wanna see a demo?
22. Firesheep
23.
24. Security vulnerability of web applications
25. Inject code into the webpage
26.
27. Created by third-parties
28. Some sort of social-coding?
29.
30. Useful
31. Fun
32. Entertaining
33. Challenging
34. ...vulnerable to XSS!
35. XSSing Facebook http://apps.facebook.com/flixville/search/?locale=US&searchText=%22%3E%3Cfont%20size=70%20color=red%3EStefan%20said:%20Greetings%20Morten!
36.
37. Send it to a server
38. Store the cookies
39. Have fun!
40. In theory this should work...
41. Questions?
42.
43. http://codebutler.com/firesheep
44. https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
45. http://www.xssed.com/mirror/59032/
Editor's notes
Dmesg – messages from kernel