Skip to content


codebutler edited this page Jul 26, 2011 · 1 revision

This page was used during Firesheep development to keep track of sites used for testing.

Just because a site is listed here does not mean it has been confirmed vulnerable to session hijacking!

Service Name Domain Status Clears session on server upon logout?
Amazon Complete
Basecamp Complete Complete
Enom Complete
FaceBook Complete
FourSquare Complete No
Github Complete
Google Complete
Hacker News Complete
Harvest Complete
The New York Times Complete
Pivotal Tracker Complete
Twitter Complete
ToorCon: San Diego Complete
Evernote Complete No
Dropbox Complete
Windows Live Complete No
Cisco Complete
Slicehost Complete
Gowalla Complete
Flickr Complete
Yahoo Complete
eBay Pending
LinkedIn Submitted No
Disqus Pending
IntenseDebate Pending
Digg Pending
Reddit Pending
Gravatar Pending
Scribd Pending
Wikipedia (Generic mediawiki?) Pending
TripIt Pending
Blogger Pending
GoDaddy Pending
Posterous Complete
Tumblr Pending
Netflix Pending
Youtube Pending
ISC2 Pending
Slashdot Pending
MobileMe Pending
Paypal Pending
Salesforce Pending
Craigslist Pending
Myspace Pending
Match Pending
AOL Pending
Hyves Pending
Clone this wiki locally
You can’t perform that action at this time.