Many of us know that phishing is also a trick to hack a facebook and session hijicking but hacker can do both at a same time. This vulnerability was happened on Facebook (static FBML) .Example here
What user will do ??
1. Checks for the URL.
2. Checks for which year the page was create.
Is it easy to fool the people?
Yes, by creating a new page in facebook in such way that user has to beliveness.
How its work??
1.Once the user clicks the link the session(cookies) where stolen by the hacker using That he can login any users account without a username and password
2. usually the users will check for the URL once it was known 1 they can enterning a userename and password.
3.After hitting the button Test your Password , Page will reflect a Thankyou Msg and it will popup with a paswd Rank
4. Check ur email spam there must a email on this and it will say that ur password was wrong trying again
Countermeasures:
1.Dont click a new link from a person u don’t know..
2.Facebook is not going to ask ur password is strong are not.
3.Some of the virus and worm (scam) was spreading in facebook applications.
share
1 comment:
How to create own session hijacking
Post a Comment