Hi everyone. I'm writing a thesis on the Facebook Connect implementation and on its vulnerability issues.
Since it's for educational purposes, it's important for me to simulate a sidejacking attack. I've used this configuration: one vbox guest machine (WinXP) acting as client and one vbox host machine (openSUSE) acting as connection gateway (on which Wireshark is sniffing packets).
On the guest machine, after having flushed cookies and browser history, I shared a YouTube video on my FB profile through FB Connect, while on the host I recorded network traffic. After that, I just closed the browser (not logged out), moved to the host, and filtered traffic for packets that contain HTTP cookies related to the user session.
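The post above captures session cookies that travel in cleartext HTTP. The complementary defender's check is whether a site even sets its session cookies with the attributes that keep them off a plaintext wire. The script below is an added example, not code from the original post or from Facebook; it audits the Set-Cookie headers of a constructed HTTP response for the Secure and HttpOnly attributes, and the cookie names and values in it are made up.

```python
import re

# Constructed sample of a captured HTTP response (not real traffic).
# The first cookie is set with neither protective attribute, the second with both.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session_id=abc123; Path=/; Domain=.example.com\r\n"
    "Set-Cookie: csrf_token=xyz; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
    "<html>...</html>"
)

# Heuristic (assumed, not a standard) for cookie names that usually carry a login session.
SESSION_NAME_HINT = re.compile(r"(sess|sid|auth|login|token)", re.IGNORECASE)


def parse_set_cookies(raw_response: str) -> list:
    """Return every Set-Cookie header value from a raw HTTP response, in order."""
    head, _, _ = raw_response.partition("\r\n\r\n")
    cookies = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            cookies.append(value.strip())
    return cookies


def audit_cookie(set_cookie: str) -> dict:
    """Report which sidejacking defences one Set-Cookie value is missing.

    Without Secure the browser also sends the cookie on plain http:// requests,
    which is exactly what a sniffer on the gateway picks up; without HttpOnly
    page script can read it as well.
    """
    parts = [p.strip() for p in set_cookie.split(";")]
    cookie_name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return {
        "name": cookie_name,
        "looks_like_session": bool(SESSION_NAME_HINT.search(cookie_name)),
        "missing": [a for a in ("secure", "httponly") if a not in attrs],
    }


def audit_response(raw_response: str) -> list:
    """Return findings only for cookies lacking at least one protective attribute."""
    return [f for f in map(audit_cookie, parse_set_cookies(raw_response)) if f["missing"]]


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        tag = " (session-like name)" if finding["looks_like_session"] else ""
        print(f"{finding['name']}: missing {', '.join(finding['missing'])}{tag}")
```

Run it against responses saved from Wireshark ("Follow TCP stream") to see which cookies a site would have exposed to the capture described in the post.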