Posted in: Blog, Posted On: Jan 21, 2014,Posted By: cyberinfoadmin
Google Plus “Man-in-the-middle” Attack Vulnerability
As a security researcher from cyber infosec, I spend my time on both application and web application security. During one of my researches, while I was focusing on auditing Session hijacking attacks on internal networks, I started working on Twitter, Facebook, Yahoo and Google & Google Plus. I just surprised I found few issues on all of them! And in this article I want to explain one of my cool findings on Google Plus! Which can be used to completely compromise an account? According to Wikipedia1, Google mail has around 425 million users in June 2012 so any serious vulnerabilities puts millions of users in risk. Finding session hijacking in Google plus! is not a new thing and is not that so hard
Session hijacking is when a hacker takes over a session between two machines. Since most authentications only occur at the start of a session, this allows the hacker to gain access to a account.
To find vulnerabilities you need a target and target selection is very important key in successful vulnerability discovery. Just place a proxy address on which we using on our company network (our connection will flow on the proxy then it connects to ISP). So I placed my company proxy IP on the victim machine so then connection goes over proxy server
On the proxy server running burp suite to capture the cookies that includes all the session cookies of Google accounts in my case I got one my Gmail cookies that includes a session cookie of Gmail so that I got access to all Google accounts like Google plus , YouTube ,blogger ,Google docs etc , In this case I am targeting my friend’s Google plus account I got session cookies some of the cookie was hided dude the security reason
Email ID & Photo Disclosed
Email ID & Photo of his friend disclosed of the victim’s Friends accounts
Hijacking user accounts
After got the session cookies on from the victim accounts we can login into victim account the most important and serious issues are even when the victim account was signed out they can logged into the account any time there is no session termination on the server side that session is expiration only on the browser side.