Skip to content
This repository

This page was used during Firesheep development to keep track of sites used for testing.

Just because a site is listed here does not mean it has been confirmed vulnerable to session hijacking!

Service Name Domain Status Clears session on server upon logout?
Amazon amazon.com Complete
Basecamp basecamphq.com Complete
bit.ly bit.ly Complete
Enom enom.com Complete
FaceBook facebook.com Complete
FourSquare foursquare.com Complete No
Github github.com Complete
Google google.com Complete
Hacker News news.ycombinator.com Complete
Harvest harvestapp.com Complete
The New York Times nytimes.com Complete
Pivotal Tracker pivotaltracker.com Complete
Twitter twitter.com Complete
ToorCon: San Diego sandiego.toorcon.org Complete
Evernote evernote.com Complete No
Dropbox dropbox.com Complete
Windows Live live.com/bing.com Complete No
Cisco cco.cisco.com Complete
Slicehost manage.slicehost.com Complete
Gowalla gowalla.com Complete
Flickr flickr.com Complete
Yahoo yahoo.com Complete
eBay ebay.com Pending
LinkedIn linkedin.com Submitted No
Disqus disqus.com Pending
IntenseDebate intensedebate.com Pending
Digg digg.com Pending
Reddit reddit.com Pending
Gravatar gravatar.com Pending
Scribd scribd.com Pending
Wikipedia (Generic mediawiki?) wikipedia.org Pending
TripIt tripit.com Pending
Blogger blogger.com Pending
GoDaddy godaddy.com Pending
Posterous posterous.com Complete
Tumblr tumblr.com Pending
Netflix netflix.com Pending
Youtube youtube.com Pending
ISC2 isc2.com Pending
Slashdot slashdot.org Pending
MobileMe me.com Pending
Paypal paypal.com Pending
Salesforce salesforce.com Pending
Craigslist craigslist.org Pending
Myspace myspace.com Pending
Match match.com Pending
AOL aol.com Pending
Hyves hyves.nl Pending
Something went wrong with that request. Please try again.