Facebook
Stefan Fodor
IT security demonstration - Hacking Facebook using a man-in-the-middle attack and XSS
1.
Hacking Facebook
Stefan FODOR (backb0ne fl00d3r), 17th of May, Vlad ZAHAN
2.
3.
Man-in-the-middle attack
4.
Hacking no 1 (ARP poisoning)
5.
Hacking no 2 (Firesheep)
6.
XSS
7.
Facebook applications
8.
Hacking no 3 (XSSing)
9.
Questions?
10.
11.
12.
13.
Last login
14.
Autologin (“remember me” box)
15.
Cookie jar
16.
Man-in-the-middle attack
17.
18.
Wireshark authentication cookies
19.
Modify existing cookies
20.
Refresh the page
21.
Wanna see a demo?
22.
Firesheep
23.
24.
Security vulnerability of web applications
25.
Inject code into the webpage
26.
27.
Created by third-parties
28.
Some sort of social-coding?
29.
30.
Useful
31.
Fun
32.
Entertaining
33.
Challenging
34.
...vulnerable to XSS!
35.
XSSing Facebook http://apps.facebook.com/flixville/search/?locale=US&searchText=%22%3E%3Cfont%20size=70%20color=red%3EStefan%20said:%20Greetings%20Morten!
36.
37.
Send it to a server
38.
Store the cookies
39.
Have fun!
40.
In theory this should work...
41.
Questions?
42.
43.
http://codebutler.com/firesheep
44.
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
45.
http://www.xssed.com/mirror/59032/
Editor's notes
Dmesg – messages from kernel