Security is a major concern today when surfing the Internet. Many websites we use, including social networking sites, require a username and password to log in and access the content inside. Some have implemented tough systems to protect privacy, but here is a trick that lets you access websites without login credentials.
When you log in to any website using a username and password, the system checks the information, authenticates your login and stores a cookie on your system, which is then used for further requests. The cookie is stored until you log out or clear cookies from the browser. It is very common for websites to protect your username and password by encrypting the initial login. However, the browsing that follows, where authentication is done through cookies, is not encrypted, and when a malicious user takes possession of your cookie, they can have full access to the website provided they are on the same IP address. This is called HTTP session hijacking (sometimes called “sidejacking”): an attacker gets hold of a user’s cookie, allowing them to do anything the user can do on a particular website.
- When you log in via an open Wi-Fi network, many others are connected to the same network and they have the same IP address. Firesheep is a Firefox extension designed to demonstrate how one can take possession of another person’s cookies and log in as that person on sites such as Facebook, Gmail, etc.
- After installing this Firefox add-on, you will see it in a sidebar. When you are on any open / busy Wi-Fi, just press “Start Capturing”; this starts searching for users browsing an insecure site known to Firesheep and displays their names.
- When you double-click on that name, you are instantly logged in as that user.
- This is compatible with Mac OS X, Linux and Windows. Windows users need WinPcap installed to use this.