Attacks Against Mishandling Of Tokens
- Facebook uses HTTPS to protect users' credentials while they log in but switches back to HTTP after log-in, so the credentials are protected but the session tokens are not. In reality those tokens are transmitted every time a page is changed or reloaded, leaving the session tokens readily available for sniffing. Any packet-sniffing tool, for example Wireshark, Ettercap, dsniff, Cain & Abel or Ace Sniffer, can be used to capture such a disclosure over the network. Read our post on how to hack a Facebook password using Wireshark to get a real idea of how the attack is performed against this foolish implementation.
- You may have noticed several websites on which, when you arrive at the log-in page, you see HTTP in the URL, but when you press log-in the site tries to switch to HTTPS. An attacker positioned properly between the user and the website can downgrade such a connection completely to HTTP, revealing the session tokens over the network, or can simply modify the victim's browser to use only HTTP. Such a connection can be attacked using Ettercap and SSLstrip.
- A website that serves content over both HTTP and HTTPS at the same time is also vulnerable to attack, since a session token sent with requests for the HTTP part of the site is exposed regardless of how the HTTPS part is protected.