hey I want to grab the Facebook and twitter ID of a visitor to my site
how is this done without asking them
I can find 100 ways which all need approval from the user - not what i want to do
I can bind there cookie and send back to Facebook or twitter to get the id - but don't know how to get that to run on users side with out asking then nicely "can I get you run this for me please?"
grap a site visitors Id's
- Cool_Fire
- Not a sandwich
- Posts: 1912
- Joined: Fri May 09, 2003 1:20 pm
- Location: 41 6d 73 74 65 72 64 61 6d
- Contact:
Re: grap a site visitors Id's
Cookies are generally also protected these days. Your best bet would be some theoretical Javascript attack.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
Hackerthreads chat, where the party is going 24/7.
-
- n00b
- Posts: 3
- Joined: Mon Jan 02, 2012 10:40 pm
Re: grap a site visitors Id's
That is all great, but what would this theoretical attack look like?
there is no challenge in indirectly getting the user to click a link and piggy back on an event. I what to know who they are the second the come to the site.
there is no challenge in indirectly getting the user to click a link and piggy back on an event. I what to know who they are the second the come to the site.
- Cool_Fire
- Not a sandwich
- Posts: 1912
- Joined: Fri May 09, 2003 1:20 pm
- Location: 41 6d 73 74 65 72 64 61 6d
- Contact:
Re: grap a site visitors Id's
You can do it one of two ways (that I can think of right now.)
1. XSS something into the page you want to steal the cookie from. (If it doesn't work from the client side, you need a persistent XSS on the site.)
2. Javascript that somehow manages to break outof it's browser tab/sandbox and propagate to other open tabs, until it gets to the tab with the site you want. At that point you should be able to get access to that sites cookies.
There was something regarding this on one of the 28c3 talks, but I don't recall which one.
1. XSS something into the page you want to steal the cookie from. (If it doesn't work from the client side, you need a persistent XSS on the site.)
2. Javascript that somehow manages to break outof it's browser tab/sandbox and propagate to other open tabs, until it gets to the tab with the site you want. At that point you should be able to get access to that sites cookies.
There was something regarding this on one of the 28c3 talks, but I don't recall which one.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
Hackerthreads chat, where the party is going 24/7.