Bringing in the Sheep: the FireSheep firestorm

Devlin Daley devlin at instructure.com
Thu Nov 4 14:34:09 MDT 2010


On Thu, Nov 4, 2010 at 2:24 PM, Nathan <pluggie at gmail.com> wrote:

> The other wrinkle is that even if the developer moves the session to SSL,
> they might forget to mark the cookie secure.  So when the user goes to
> their
> old http:// bookmark they might still leak out their session cookie and
> be vulnerable to session-jacking.
>
> -nage
>
>
True story. Another way to exploit cookies not limited to SSL only is to
observe DNS queries from clients, and then when they download any webpage
over HTTP, just inject into that stream the HTML markup to load a bogus URL
on a domain you want to hijack. The browser will make a request to your
bogus asset at that domain without SSL and reveal the session cookie.

—Devlin


More information about the PLUG mailing list