Following my latest report on Instagram, Instagram 3.1.2 for iPhone (released on Oct 23, 2012) is vulnerable to a session riding attack that could lead an attacker on the same network to gain access to the victim’s account.
In this PoC exploit, an attacker on the same LAN as the victim could launch a simple ARP spoofing attack to trick mobile devices into directing port 80 traffic through the attacker’s machine. When the victim starts the Instagram app and performs any action that requires authentication, such as liking or unliking pictures, a plain text cookie is sent to the Instagram server. Once the attacker gets the cookie, he is able to log in to the user’s account via the web and perform a variety of actions.
The compromise uses a method called ARP (Address Resolution Protocol) spoofing. An ARP spoofing attack redirects Instagram requests from the iPhone into a custom hyperfox proxy; when the proxy detects an Instagram cookie, a file cookie/$IP_ADDRESS.txt is created containing the cookie value. After the attacker gets a cookie, he could use a plugin like Modify Headers on Firefox to sign in as the user on the secure URL https://instagram.com/accounts/edit/ where he could change personal data, such as the user’s e-mail address, and compromise the account, Reventlov wrote.
Credit: The attack was developed by security researcher Carlos Reventlov.
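A defensive check for the root cause described above, as an added example that is not part of the original post or of Reventlov's PoC: it reviews requests logged while testing your own app and reports every cookie sent over plain HTTP, rating as HIGH any whose value is also sent to HTTPS endpoints. The hosts, cookie names and values are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed capture from testing one's own app through a logging proxy:
# (request URL, Cookie header). Hosts, cookie names and values are made up.
CAPTURED = [
    ("http://api.example.test/v1/media/42/like/", "sessionid=abc123; ds_user=alice"),
    ("http://api.example.test/v1/feed/", "sessionid=abc123"),
    ("https://example.test/accounts/edit/", "sessionid=abc123; csrftoken=zzz"),
    ("https://example.test/static/logo.png", ""),
]


def parse_cookie_header(header):
    """Split a request Cookie header into {name: value} (RFC 6265 cookie-pairs)."""
    pairs = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            pairs[name] = value.strip('"')
    return pairs


def cleartext_cookie_findings(requests):
    """Report every cookie sent over http://, flagging those reused over https://."""
    seen = {"http": {}, "https": {}}
    for url, header in requests:
        scheme = urlsplit(url).scheme.lower()
        if scheme not in seen:
            continue
        for pair in parse_cookie_header(header).items():
            seen[scheme].setdefault(pair, set()).add(url)
    findings = []
    for (name, value), http_urls in sorted(seen["http"].items()):
        https_urls = seen["https"].get((name, value), set())
        findings.append({
            "cookie": name,
            # HIGH: the value readable on the LAN is the same credential that
            # is sent to the HTTPS endpoints, so one capture is enough.
            "severity": "HIGH" if https_urls else "MEDIUM",
            "cleartext_urls": sorted(http_urls),
            "https_urls": sorted(https_urls),
        })
    return findings


if __name__ == "__main__":
    for f in cleartext_cookie_findings(CAPTURED):
        print(f["severity"], f["cookie"], "->", ", ".join(f["cleartext_urls"]))
```

A HIGH finding is fixed on the server and client together: serve the authenticated API over HTTPS only and set the Secure attribute on the session cookie so it is never attached to port 80 requests.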