
I have tested programs like SSLStrip or dSploit that hijack a Facebook session. That is: if the user logs in and the computer running the interceptor program (e.g. dSploit) is on the same network (LAN), it is possible to hijack that Facebook session and act like the owner of the remote computer.

Is this actually possible when one has physical access to the computer?

Example: I establish a connection to my Facebook account, but sometimes I must leave the computer for a while. If I forget to close my Facebook session, could someone sit at my desktop and grab any file that contains my Facebook session so that he keeps browsing my chats comfortably on another computer, without fearing that I will come back? Or even enter the office during the night with a pendrive, power on my computer and exit the office carrying all the data that allows him to identify as me on Facebook using another computer?

Of course, I think I could test all this by starting the same programs I tested for remote hijacking locally, but isn't there a simpler way, like grabbing some file from inside Mozilla Firefox?

Maybe this attack depends on which internet browser is being hijacked?

Arjan
Sopalajo de Arrierez
  • Before Facebook switched to https this was easily done with firesheep. – spuder Jan 25 '14 at 16:11
  • What exactly do you mean by locally? LAN is `Local Area network`. Your question is confusing. – Ramhound Jan 25 '14 at 16:37
  • You are right, I have been ambiguous. I wrote "locally" meaning "inside the local computer". Think about a computer alone (no more computers at the office) connected to the internet: could someone enter my office during the night with a pendrive, power on that computer and exit the office carrying all the data that allows him to identify as me on Facebook on another computer? (My Facebook session in Mozilla Firefox is always open; I never close the Facebook session.) Hope this makes things clear, but ask me for further explanations if needed. Should I edit the original post? I am still a newbie. – Sopalajo de Arrierez Jan 25 '14 at 16:53
  • Generally speaking anything that can be done remotely can be done even more easily with local/physical access. If someone can sneak in and modify your system, they could equally just install a keylogger which would be far more convenient for getting access to your Facebook. – deed02392 Jan 25 '14 at 17:03
  • Of course, installing a keylogger could do the trick, but this thread is mostly about session hijacking, a very different technique. And, even with keylogging, the attacker may not be able to succeed if "Do not close session" was checked at Facebook logon. – Sopalajo de Arrierez Jan 25 '14 at 21:26

2 Answers


You don't need a keylogger or anything fancy when using Firefox or Google Chrome.

Go to the following menu in Firefox: Preferences -> Preferences -> Security -> Stored passwords

There you see all stored passwords, including the Facebook account you saved. When you select "Show passwords" you will see all the stored passwords on the account.

A similar option exists in Chrome. Not sure about IE, but you can install Firefox or Chrome on the computer, import the passwords and show them through the above way.

If you want to prevent anyone from doing something like that, just keep some basic security into account:

  • Restrict physical access to your PC: lock your office!
  • Protect your computer with a strong password
  • Lock your PC or logout
Tim
  • Maybe the password is not stored in the web browser. If "Do not close session" was checked at Facebook logon, there is no need to save the password in Firefox. Even between operating system reboots. – Sopalajo de Arrierez Jan 25 '14 at 21:29

Well, I have finally done it! It was easier than I could have imagined: just a matter of grabbing this folder (in Windows):

%APPDATA%\Mozilla\Firefox\Profiles\xxxxxxxx.default\

and restoring it to another computer, following official instructions.
I have tested it between Windows computers, but I think this should work for Mozilla Firefox in any platform.

Sopalajo de Arrierez