Description: https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-perry.pdf
Last year during my Tor presentations at Black Hat and Defcon, and in a follow-up post on BugTraq, I announced that many SSL secured websites are vulnerable to cookie hijacking by way of content element injection. Unfortunately, my announcement was overshadowed by Robert Graham's passive cookie stealing attacks (aka 'SideJacking').
The difference between our attacks is this: instead of sniffing passively for cookies, it is possible to actively cull them from targets on your local network by injecting images/iframes for desired sites into unrelated webpages. Moreover, since many sites do not set the 'secure' bit for their SSL cookies, it is even possible to grab cookies used in https sessions and use them to impersonate users. This will be demonstrated.
At the time of this writing, vulnerable SSL sites include Gmail, Facebook, Amazon, and many others. Since wide-spread awareness of the threat seems to be the only way to convince these vendors that they need to secure their cookies, fully automated exploit code will be provided two weeks after the demonstration (however, it is also possible to steal insecure https cookies with just airpwn and wireshark).
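An added example (not from the talk or its author): a simplified model of browser cookie matching that shows which cookies set by an https site still accompany a plain-http request to the same host when the 'secure' bit is missing, which is the condition a site owner needs to audit for. The host name, cookie names and header values are constructed, and a missing Path attribute is assumed to default to "/".

```python
from urllib.parse import urlsplit

def parse_set_cookie(header, origin_host):
    """Parse one Set-Cookie value received from https://origin_host."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    domain = attrs.get("domain", "").lstrip(".").lower()
    return {"name": name.strip(), "value": value.strip(),
            "secure": "secure" in attrs,      # the 'secure' bit
            "host_only": not domain,          # no Domain attribute
            "domain": domain or origin_host.lower(),
            "path": attrs.get("path") or "/"}  # assumption: default "/"

def domain_matches(cookie, host):
    if cookie["host_only"]:
        return host == cookie["domain"]
    return host == cookie["domain"] or host.endswith("." + cookie["domain"])

def path_matches(cookie_path, request_path):
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def cookies_sent(jar, url):
    """Names of the cookies a browser would attach to a request for url."""
    u = urlsplit(url)
    return [c["name"] for c in jar
            if domain_matches(c, (u.hostname or "").lower())
            and path_matches(c["path"], u.path or "/")
            and (u.scheme == "https" or not c["secure"])]

# Constructed sample: headers a hypothetical https://mail.example.test sends.
ORIGIN = "mail.example.test"
SAMPLE_HEADERS = [
    "SID=abc123; Path=/; HttpOnly",              # session cookie, no Secure
    "SSID=def456; Path=/; Secure; HttpOnly",     # session cookie with Secure
    "PREF=lang-en; Domain=.example.test; Path=/",
    "TOKEN=xyz789; Path=/account; Secure",
]
JAR = [parse_set_cookie(h, ORIGIN) for h in SAMPLE_HEADERS]

if __name__ == "__main__":
    for url in ("https://mail.example.test/", "http://mail.example.test/"):
        print(url, "->", cookies_sent(JAR, url))
```

Any name returned for the `http://` URL is a cookie that leaves the browser in cleartext; setting the Secure attribute on it removes it from that list.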