Facebook

•Télécharger en tant que ODP, PDF•

0 j'aime•503 vues

Stefan Fodor

It Security demonstration - Hacking Facebook using Man-in-the-middle attack and XSS

Technologie Divertissement et humour

Hacking Facebook Stefan FODOR(backb0ne fl00d3r ) 17 th of May Vlad ZAHAN

Save user's preferences ,[object Object]

Location ,[object Object],[object Object]

Contenu connexe

Plus de Stefan Fodor

It Security ProjectStefan Fodor

Squash that Bug!Stefan Fodor

Protocols for Embedded NodeStefan Fodor

Qualys ThreadsStefan Fodor

2FLoginStefan Fodor

Lillebaelt Academy - roStefan Fodor

Ruby on Rails 3Stefan Fodor

Side channel attacksStefan Fodor

Special Subject 1+2: RoR 2Stefan Fodor

dry_run_examStefan Fodor

LogsStefan Fodor

Reconnaissance software Stefan Fodor

Special Subject 1+2: RoR 1Stefan Fodor

Network proj 1.1Stefan Fodor

Network telnet sshStefan Fodor

LunarStefan Fodor

Hitchikers guide, rev3Stefan Fodor

Plus de Stefan Fodor (17)

It Security Project

Squash that Bug!

Protocols for Embedded Node

Qualys Threads

2FLogin

Lillebaelt Academy - ro

Ruby on Rails 3

Side channel attacks

Special Subject 1+2: RoR 2

dry_run_exam

Logs

Reconnaissance software

Special Subject 1+2: RoR 1

Network proj 1.1

Network telnet ssh

Lunar

Hitchikers guide, rev3

Dernier

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra

Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays

Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services

Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz

Architecting Cloud Native ApplicationsWSO2

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10

Exploring Multimodal Embeddings with MilvusZilliz

Apidays New York 2024 - The value of a flexible API Management solution for O...apidays

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea

Why Teams call analytics are critical to your entire businesspanagenda

Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez

ICT role in 21st century education and its challengesrafiqahmad00786416

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays

[BuildWithAI] Introduction to Gemini.pdfSandro Moreira

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays

Understanding the FAA Part 107 License ..Christopher Logan Kennedy

Dernier (20)

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Artificial Intelligence Chap.5 : Uncertainty

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Vector Search -An Introduction in Oracle Database 23ai.pptx

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Architecting Cloud Native Applications

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Exploring Multimodal Embeddings with Milvus

Apidays New York 2024 - The value of a flexible API Management solution for O...

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Why Teams call analytics are critical to your entire business

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

ICT role in 21st century education and its challenges

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

[BuildWithAI] Introduction to Gemini.pdf

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Understanding the FAA Part 107 License ..

Facebook

1. Hacking Facebook Stefan FODOR(backb0ne fl00d3r ) 17 th of May Vlad ZAHAN

3. Man-in-the-middle-atack

4. Hacking no 1 (ARP poisoning)

5. Hacking no 2 (Firesheep)

6. XSS

7. Facebook applications

8. Hacking no 3 (XSSing)

9. Questions?

10.

11.

12.

13. Last login

14. Autologin (“remember me” box)

15. Cookie jar

16. Men in the middle attack

17.

18. Wireshark authentication cookies

19. Modify existing cookies

20. Refresh the page

21. Wanna see a demo?

22. Firesheep

23.

24. Security vulnerability of web applications

25. Inject code into the webpage

26.

27. Created by third-parties

28. Some sort of social-coding?

29.

30. Useful

31. Fun

32. Entertaining

33. Challenging

34. ...vulnerable to XSS!

35. XSSing Facebook http://apps.facebook.com/flixville/search/?locale=US&searchText=%22%3E%3Cfont%20size=70%20color=red%3EStefan%20said:%20Greetings%20Morten!

36.

37. Send it to a server

38. Store the cookies

39. Have fun!

40. In theory this should work...

41. Questions?

42.

43. http://codebutler.com/firesheep

44. https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

45. http://www.xssed.com/mirror/59032/

Notes de l'éditeur

Dmesg – messages from kernel

Facebook

Recommandé

Recommandé

Contenu connexe

Plus de Stefan Fodor

Plus de Stefan Fodor (17)

Dernier

Dernier (20)

Facebook

Notes de l'éditeur