Catatan Harian UntukKu

this night, i will share how to steal facebook cookies for newbies.

How to hack a facebook account – or, basically how to hijack php sessions. Yes – this is old news – yes its a common vulnerability – but you get a better idea for what it is and how it works when things are explained in detail (with screenshots!).

Before we begin, however, I want to re-emphasize that it is VERY EASY to protect yourself against this sort of attack. Facebook supports HTTPS, so when you browse facebook (or twitter for that matter) or if you have it bookmarked – please make sure you’re using HTTPS:// rather than HTTP:// in the URL at the very least, if not using a VPN solution for further encryption. Also, if the ‘victim’ logs out of facebook, the attackers session becomes invalid – so it’s a good practice to actually log out of facebook and log back in again rather than using the ‘remember me’ checkbox.

Facebook like many sites operates using authentication cookies. Their auth cookies contain a variety of information, but for our purposes this is irrelevant. Here is a sanitized cookie for reference:

Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc; lsd=Xesut; lxe=greg.evans%40****************; c_user=100001230367821; lo=wl9fcGXMhPfoT4bAhKFP3Q; lxs=1; sct=1276721745; xs=a615cfe596448194d6e2a8d062a90e4e

You can see the ‘lxe’ field is the login. We haven’t done any further research into what the various other fields mean, but using facebook without any kind of security you’re both leaking the email address used for your login and the session cookie.

First thing you’ll want to do is fire up your favorite packet capture application. For this example we’ve used Wireshark:

Next, set the filter in the top left to ” http.cookie contains “datr” “. This should show you only packets captured which contain the cookie we’re looking for. You can see that in this screenshot we’ve already captured a cookie.

Once you’ve found a suitable cookie, you can copy it into the buffer by right clicking on the cookie line, and clicking Copy -> Bytes (Printable Text Only)

Next you’ll want to open up firefox. You’ll need both greasemonkey and the cookieinjector script.

Simply browse to facebook – make sure you are not logged in:

Hit ALT-C to bring up the cookie injector dialog box:

Then paste in the cookie!

Hit refresh and – VIOLA! you’re now logged in as your victim! Now this doesn’t give you access to their credentials, this is about the equivalent to walking up to their workstation while they’re away from their desk and using facebook.

Neat huh? Pretty easy too. I smiled big when we demo’ed the attack in our lab – its old, sure, but being successful is always a good feeling!

sORE ini mulai cuaca enak dan asik dengan cahaya yang cukup terang dan indah, tak berfikir panjang, akhirnya nyolek sir agung di lab sebelah untuk beranjak ke perpustakaan yongdang dengan mengenakan bis antar kampus. perpustakaan yong dang cukup luas gedungnya, gedung lama yang tidak ada fasilitas eskalator maupun lift, semua ditempuh dengan jalan kaki, sekira 4-5 lantai naik ke atas. sambil melihat pantai busan dari dalam perpustakaan, dan akhir mengambil foto2 sekitar yg arahnya menjorok ke laut berupa semenanjung korea.

dalam moment ini, aye tak berfikir panjang, untuk memperjang jumlah koleksi buku yang wajib di baca semester ini, ada sekitar 5 buku yang harus dihatamkan segera, mereka adalah:

1. RHCE (Redhat Certified Engineer Linux) – Buku pegangan para hacker, meski pernah ambil sertifikasi ini, tapi coba dibaca lagi deh….
2. High Performance Embedded Computing – Belum pernah baca…baru akan mulai sekarang.
3. Error Correcting Codes theory and applications – melihat error di dalam baris perintah coding, algoritm dan alur.
4. Design pattterns in communications software – buku yg sudah dicari-cari dari 3 tahun lalu, akhirnya menemukan juga ini buku…
5. XHTML, XML, and java – ada proyek dikit dg referensi ini buku, lumayan bisa dikejar paketnya.

sebetulnya masih ada buku yang wajib di sikat lagi, cuma keberatan bawanya, mungkin dicicil dan nanti ditambahin lagi buku2nya yang kira2 ngerti mau kemana kaki ini berjalan, syukurlah, meski sudah 2 publikasi internasional dah masuk ke jurnal IEEE, ini tidak menandakan puas diri dengan prestasi yang sudah di raih..sekali mendayung selamanya dayung yg akan mengarungi.