Bringing in the Sheep: the FireSheep firestorm

Devlin Daley devlin at
Thu Nov 4 14:34:09 MDT 2010

On Thu, Nov 4, 2010 at 2:24 PM, Nathan <pluggie at> wrote:

> The other wrinkle is that even if the developer moves the session to SSL,
> they might forget to mark the cookie secure.  So when the user goes to
> their old http:// bookmark they might still leak out their session cookie
> and be vulnerable to session-jacking.
> -nage

True story. Another way to exploit cookies not limited to SSL only is to
observe DNS queries from clients, and then when they download any webpage
over HTTP, just inject into that stream the HTML markup to load a bogus URL
on a domain you want to hijack. The browser will make a request to your
bogus asset at that domain without SSL and reveal the session cookie.
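
Added example, not part of the original thread: a small Python check that reads Set-Cookie header values and reports every cookie set without the Secure attribute, which is the condition both messages above depend on. The header values and the example.test domain are constructed sample data, and the function names are hypothetical.

```python
# Added example (not from the thread): flag cookies a browser would also send over http://.
# All header values below are constructed sample data.

CONSTRUCTED_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly",
    "SESSIONID=abc123; Path=/; Secure; HttpOnly",
    "prefs=dark; Domain=example.test; Expires=Wed, 09 Jun 2027 10:18:14 GMT; secure",
    "csrftoken=xyz; Domain=.example.test; Path=/",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, attrs); attribute names are lowercased."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookies(set_cookie_headers):
    """Return (name, scope) for every cookie set without the Secure attribute."""
    findings = []
    for raw in set_cookie_headers:
        name, attrs = parse_set_cookie(raw)
        if "secure" in attrs:
            continue
        # A Domain attribute widens the cookie to subdomains; without it the
        # cookie is host-only. Either way it is sent on plain-HTTP requests.
        domain = attrs.get("domain", "").lstrip(".")
        scope = f"{domain} and subdomains" if domain else "host-only"
        findings.append((name, scope))
    return findings


if __name__ == "__main__":
    for name, scope in audit_cookies(CONSTRUCTED_HEADERS):
        print(f"{name}: no Secure attribute ({scope}); sent on http:// requests too")
```

Run it against the Set-Cookie values a site returns over HTTPS; any session cookie it lists needs the Secure attribute added where the cookie is issued.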

