Monday, January 30, 2012

MITM Attack: Session hijacking and cookie stealing (Facebook)

Beware of Facebook cookie stealing and session hijacking:
Check your account setting and see your active sessions.
You will see something like this.

"Active Sessions

Current Session
Location:
Makati, MAN, PH (Approximate)
Device Type:
Safari on MacOSX
If you notice any unfamiliar devices or locations, click 'End Activity' to end the session. This list does not currently include sessions on Facebook's mobile site (m.facebook.com).
Last Accessed:
Today at 12:37pm
End Activity
Location:
Makati, MAN, PH (Approximate)
Device Type:
Unknown
Last Accessed:
Today at 7:37am
End Activity
Location:
Quezon City, MAN, PH (Approximate)
Device Type:
Unknown
Last Accessed:
Yesterday at 7:00pm
End Activity
Location:
Quezon City, MAN, PH (Approximate)
Device Type:
Unknown
Last Accessed:
Yesterday at 5:22pm
End Activity
Location:
Quezon City, MAN, PH (Approximate)
Device Type:
Unknown
Last Accessed:
Yesterday at 3:33pm
End Activity
Location:
Quezon City, MAN, PH (Approximate)
Device Type:
Unknown
Last Accessed:
Yesterday at 12:28pm
End Activity
Location:
Quezon City, MAN, PH (Approximate)
Device Type:
Unknown
Last Accessed:
Friday at 3:03pm
End Activity
Location:
Manila, MAN, PH (Approximate)
Device Type:
Safari on MacOSX
Last Accessed:
January 26 at 3:21pm
End Activity
Location:
Manila, MAN, PH (Approximate)
Device Type:
Safari on MacOSX
Last Accessed:
January 25 at 7:43am
End Activity
Location:
Manila, MAN, PH (Approximate)
Device Type:
Safari on MacOSX
Last Accessed:
January 25 at 5:51am
End Activity
Location:
Manila, MAN, PH (Approximate)
Device Type:
Safari on MacOSX
Last Accessed:
January 19 at 10:50am
End Activity
Location:
Quezon City, MAN, PH (Approximate)
Device Type:
Safari on MacOSX
Session Initiated:
August 20 at 7:32am
End Activity
Application Name:
Facebook for iPhone"

Facebook now offers the options for HTTPS all of the time. You can read the full details here:
http://blog.facebook.com/blog.php?post=486790652130

A Continued Commitment to Security
This Friday is Data Privacy Day, an international effort by governments, businesses and advocacy groups to raise awareness about the importance of staying in control of personal information...
By: Facebook

Sunday, January 22, 2012

Successfully Installed yersinia on Mac OS X Version 10.6.8

Finally, I was able to install yersinia on my mac osx version 10.6.8.

I build the dependencies using MacPorts 2.0.3.
Preparation:
0. Install pcap, libnet,
1. sudo port install libnet

My steps:
0. Extract yersinia tarball
1. ./configure -with-libnet-includes=/usr/include/ --disable-gtk --with-pcap-includes=/usr/include

Yersinia, our beloved one, has been configured with the following options.
Remote admin : true
Use ncurses : true
Use gtk : no

2. make
3. make install
4. make clean