6 tweets, 2 min read
In 2007, I demoed "sidejacking" at BlackHat, where I sniffed the GMail session cookie from WiFi of an audience member and hijacked their session. Back then, the standard was SSL for login, but non-SSL for the rest of the connection. Sidejacking forced all SSL all the time.
There were good reasons why all SSL all the time wouldn't work. For example, satellite connections would often time out. Twitter would've been unusable for many customers if SSL were forced upon them.
Sidejacking forced the issue, and forced those like Google, Facebook, and Twitter to first make SSL an option, then the default, then no longer not-an-option. It forced ISPs to fix the issues preventing SSL from working quite right.
It was interesting watching the transition. LOTS of things went wrong. For example, Google quickly added SSL as an option. But if SSL failed, it'd back off to non-SSL. So on WiFi, you simply TCP RST all SSL connections, then hijack the session when it backed off to non-SSL.
I assume this Tweet is meant as humor, but I'm going to respond to it anyway: I'd been doing this for 10 years; publishing a tool was the only way to effect change.
In any case, I did this as a proxy server. Eric Butler made a much better implementation with a browser extension known as FireSheep, which REALLY forced the change. If I remember right, lots of celebrities got popped through FireSheep.
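An added example, not part of the thread or of any of the author's tools: a small auditor for the two response-side controls that close the gap the thread describes, the Secure attribute on the session cookie (so it is never sent over plain HTTP) and HSTS (so the browser refuses to fall back to non-SSL). The two HTTP responses are constructed samples, not captured traffic.

```python
import re

# Constructed sample responses (not captured traffic). WEAK mirrors the
# 2007-era pattern from the thread: login over SSL sets a session cookie
# that the browser will also send over plain HTTP, and nothing stops a
# fallback to non-SSL. HARDENED adds the Secure attribute and HSTS.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: SID=constructed-session-id; Path=/; HttpOnly\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: SID=constructed-session-id; Path=/; Secure; HttpOnly\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)

def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Return (lower-cased name, value) pairs from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def hsts_max_age(headers) -> int:
    """max-age from Strict-Transport-Security, or 0 if absent or unparseable."""
    for name, value in headers:
        if name == "strict-transport-security":
            m = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.I)
            return int(m.group(1)) if m else 0
    return 0

def audit(raw: str) -> list[str]:
    """List the sidejacking-relevant weaknesses in one HTTP response."""
    headers = parse_headers(raw)
    findings = []
    if hsts_max_age(headers) <= 0:
        findings.append("no effective HSTS: a browser may fall back to plain HTTP")
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie, *attrs = [p.strip() for p in value.split(";")]
        cookie_name = cookie.partition("=")[0]
        if "secure" not in {a.partition("=")[0].lower() for a in attrs}:
            findings.append(f"cookie {cookie_name!r} lacks Secure: also sent over plain HTTP")
    return findings

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(resp) or ["ok"])
```

Run against a real site's response head (for example the output of `curl -sI https://example.invalid`) to check that a login response sets both controls; the weak sample reports two findings, the hardened one none.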