Tuesday 19 November 2013

Pinterest Prone to Session Hijacking


After conducting research I have found that the Pinterest social networking website is prone to session hijacking (man-in-the-middle attack). The attack was carried out using BackTrack 5, Firefox add-ons and a tool named Wireshark.

This post explains how the attack is carried out.

First of all, download the Firefox add-ons Greasemonkey and Advanced Cookie Manager.

After the two add-ons are installed, go to the Greasemonkey user scripts page and download and install the original cookie injector (the one that is rated is the one to download).

Once these add-ons are installed, install a tool named Wireshark, which is available on Windows, Mac, Linux, etc.

Once you have installed Wireshark and started scanning your network traffic, you should be able to capture the Pinterest cookie. In this picture you'll be able to see that the cookie is already highlighted. Once the cookie is highlighted, right-click and choose Copy, Bytes, and then Printable Text Only.

Once you have copied the cookie, go to the Pinterest website. First, open your cookie manager and delete all the cookies in that browser. Once they are deleted, press ALT+C and the Wireshark Cookie Dump will appear (that's why you download the cookie injector). Then paste the cookie into the text box, click OK, and...

As you can then see, in the top right-hand corner my test account name has appeared. This shows that my session has been hijacked.

While you're in the account you can pretty much do anything: you can change the email address of the account very easily and basically take over the account.

The hack has been tested on the latest iOS software (7.0.4) and also on a Windows PC using the Firefox browser.
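
A cookie can be read off the wire and replayed as described above only if it travels unencrypted. The following Python check is an added example, not part of the original post: it audits a response's headers for the settings that keep a session cookie on HTTPS. The cookie name `_session` and all header values are constructed, and the cleartext-transport cause is an assumption, since the post does not state it.

```python
# Added example (not from the original post). All header values are constructed.

def parse_set_cookie(raw):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    first, *rest = [part.strip() for part in raw.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(scheme, headers):
    """Return findings for one HTTP response.

    scheme  -- "http" or "https", the scheme the response was served over
    headers -- list of (name, value) tuples as received
    """
    findings = []
    names = {h.lower() for h, _ in headers}
    # Without HSTS a browser may still make a first request over http://.
    if scheme == "https" and "strict-transport-security" not in names:
        findings.append("response: no Strict-Transport-Security header")
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if scheme != "https":
            findings.append(f"{cookie}: set over cleartext HTTP")
        if "secure" not in attrs:  # browser will also send it over http://
            findings.append(f"{cookie}: missing Secure")
        if "httponly" not in attrs:  # readable by page scripts
            findings.append(f"{cookie}: missing HttpOnly")
    return findings


# Constructed responses: a weak one and a hardened one.
WEAK = [("Set-Cookie", "_session=abc123; Path=/; Expires=Wed, 19 Nov 2014 10:00:00 GMT")]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "_session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, scheme, hdrs in (("weak", "http", WEAK), ("hardened", "https", HARDENED)):
        print(label, audit_response(scheme, hdrs) or "no findings")
```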
 
Posted by: Gareth Davies

Twitter: Gareth_Davies_