Hi everyone. I'm writing a thesis on Facebook Connect implementation and on its vulnerability issues.
Since it's for educational purposes, it's important for me to simulate a side jacking attack. I've used this configuration: one vbox guest machine (WinXP) acting as client and one vbox host machine (openSUSE) acting as connection gateway (on which Wireshark is sniffing packets).
On the guest machine, after having flushed cookies and browser history, I shared a YouTube video on my FB profile through FB Connect, while on the host I recorded network traffic. After that, I just closed the browser (not logged out), moved to the host, and filtered the traffic for packets that contain HTTP cookies related to the user session.
After that, I tried, on the host, to share a YT video on FB using these captured cookies. For that purpose I used the Cookie Manager+ FF extension. Anyway, this trick doesn't work and my credentials (not my name, but my password) are still needed. I'm sure that I can use the cookies usefully, but I don't know how in practice. I'd like to know from you which cookies have to be injected and also which other parts of the request (e.g. querystring) have to be inserted, so that this attack is effective. I've tried other tools (Firesheep, py-cookieJsInjection, Hamster and Ferret) that help to make the process straightforward, but none of these helped.
Thanks, Luke