[Security] Hijacking Session Cookies using Surfjack

Surfjack is the name given to an attack that allows a man-in-the-middle to hijack session cookies even when the victim is using SSL instead of plaintext HTTP. The embedded video below shows the tool being demonstrated against a Gmail account. The proof-of-concept tool (also called surfjack) works both on Ethernet, by making use of ARP cache poisoning, and on WiFi in monitor mode. Although Gmail somehow fixed the issue by setting the cookies to “secure”, many other sites are still vulnerable.

You can download the tool from here, along with a paper with more details on the subject.

The following is a video demonstration of how this affects Gmail and how to prevent this from affecting you.

I must inform you again that Gmail now has an enforce HTTPS option; you can read about it in my previous post, Logging into Gmail using HTTPS.
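The fix mentioned above, marking session cookies “secure”, can be checked from a site's response headers. The following is an added example, not part of the original post or the surfjack tool; the header lines, cookie names and the `exposed_on_http` helper are constructed for illustration.

```python
# Constructed response headers from a hypothetical HTTPS site (all values made up).
SAMPLE_HEADERS = [
    "Content-Type: text/html",
    "Set-Cookie: SID=3f9a1c; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Secure; HttpOnly",
    "Set-Cookie: session_token=ab12cd; Domain=.example.test; Path=/; HttpOnly",
    "set-cookie: prefs=lang-en; Path=/; secure",
    "Set-Cookie: mode=Secure; Path=/",  # value is the word "Secure", attribute is absent
]


def parse_set_cookie(header_line):
    """Return (name, attrs) for a Set-Cookie line, or None for any other header."""
    field, sep, value = header_line.partition(":")
    if not sep or field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    name, _, _ = parts[0].partition("=")  # first pair is the cookie itself
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), attrs


def exposed_on_http(headers):
    """Names of cookies set without Secure, which a browser also sends over plain HTTP."""
    exposed = []
    for line in headers:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        if "secure" not in attrs:
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    for cookie_name in exposed_on_http(SAMPLE_HEADERS):
        print("missing Secure attribute:", cookie_name)
```

Parsing attributes rather than searching for the substring "secure" matters here: the `mode=Secure` cookie would pass a naive text match even though it carries no Secure attribute.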

Also read: Understanding HTTP Cookies

You can follow me on Twitter at http://twitter.com/vaibhav1981

Cheers

Vaibhav

One Response to “[Security] Hijacking Session Cookies using Surfjack”

  1. I wasn’t aware that this could happen. Thanks for the tool!