[ale] firefox question
Jay Loden
ale at jayloden.com
Mon Aug 6 17:12:06 EDT 2007
Greg Freemyer wrote:
> BTW: Was it previously known that someone listening in on a http: link
> could grab your authentication cookie and pretend to be you? An
> article out of blackhat was the first time I had heard about it.
I could be wrong (I'm not an expert on cookies) but I'm fairly certain this is
true for just about any HTTP application that uses session cookies for
authentication. Stealing/cloning cookies is an old technique.
Reference:
http://en.wikipedia.org/wiki/Session_hijacking
http://darksleep.com/notablog/format.cgi?article=Http_Cookie_Sniffing.txt
Since the cookie gets transmitted with every request, and the requests in this
case are over unprotected HTTP, it's of course vulnerable to cookie hijacking.
> I particularly think about my home usage where I connect via Comcast.
> I believe the way Comcast works, any of my neighbors could be set up a
> sniffer?
Certainly if someone can sniff your traffic at any point via a spanned switch or
a hub connection, then they would be able to steal session cookies. I believe
that cable modem connections are similar to being on a LAN with a hub connection
where other users on the same segment can 'see' each others' traffic.
-Jay
More information about the Ale
mailing list