Handlers

This page was used during Firesheep development to keep track of sites used for testing.

Just because a site is listed here does not mean it has been confirmed vulnerable to session hijacking!

Service Name	Domain	Status	Clears session on server upon logout?
Amazon	amazon.com	Complete
Basecamp	basecamphq.com	Complete
bit.ly	bit.ly	Complete
Enom	enom.com	Complete
FaceBook	facebook.com	Complete
FourSquare	foursquare.com	Complete	No
Github	github.com	Complete
Google	google.com	Complete
Hacker News	news.ycombinator.com	Complete
Harvest	harvestapp.com	Complete
The New York Times	nytimes.com	Complete
Pivotal Tracker	pivotaltracker.com	Complete
Twitter	twitter.com	Complete
ToorCon: San Diego	sandiego.toorcon.org	Complete
Evernote	evernote.com	Complete	No
Dropbox	dropbox.com	Complete
Windows Live	live.com/bing.com	Complete	No
Cisco	cco.cisco.com	Complete
Slicehost	manage.slicehost.com	Complete
Gowalla	gowalla.com	Complete
Flickr	flickr.com	Complete
Yahoo	yahoo.com	Complete
eBay	ebay.com	Pending
LinkedIn	linkedin.com	Submitted	No
Disqus	disqus.com	Pending
IntenseDebate	intensedebate.com	Pending
Digg	digg.com	Pending
Reddit	reddit.com	Pending
Gravatar	gravatar.com	Pending
Scribd	scribd.com	Pending
Wikipedia (Generic mediawiki?)	wikipedia.org	Pending
TripIt	tripit.com	Pending
Blogger	blogger.com	Pending
GoDaddy	godaddy.com	Pending
Posterous	posterous.com	Complete
Tumblr	tumblr.com	Pending
Netflix	netflix.com	Pending
Youtube	youtube.com	Pending
ISC2	isc2.com	Pending
Slashdot	slashdot.org	Pending
MobileMe	me.com	Pending
Paypal	paypal.com	Pending
Salesforce	salesforce.com	Pending
Craigslist	craigslist.org	Pending
Myspace	myspace.com	Pending
Match	match.com	Pending
AOL	aol.com	Pending
Hyves	hyves.nl	Pending