This thing is extremely easy to use. Just head into a wifi populated area and boom, you're in people's business like crazy. I need to look up the laws on this because you can do some serious damage to people using this extension. The amount of PII you could be collecting on people is scary. What's even scarier is that people are more than likely doing it to you now since this craze has spread like wildfire.
Use of this addon IS illegal outside of private use to test network security.
The program was originally created to make people aware of the insecure login credentials on social networks. It has done its job very well and is out of control.
Tomorrow I will post a program for anyone in a public wifi area to use that will keep you and people around you safe from someone looking at your private information.
------------------------------------
When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.
It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.
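An added example, not part of the original post or of the extension it talks about: a small check a site owner can run over their own response headers to see whether the session cookie described above would ever travel unencrypted. The host names, cookie names and values are constructed samples, and the finding codes are made up for this sketch.

```python
"""Flag responses whose cookies can leak over plain HTTP (the sidejacking weakness)."""

# Constructed sample responses (not captured traffic).
SAMPLE_RESPONSES = [
    {"url": "https://shop.example/login", "headers": [
        ("Set-Cookie", "session_id=constructed123; Path=/; HttpOnly"),
        ("Set-Cookie", "csrf=constructed456; Path=/; Secure; HttpOnly")]},
    {"url": "https://bank.example/login", "headers": [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "sid=constructed789; Path=/; Secure; HttpOnly; SameSite=Lax")]},
    {"url": "http://forum.example/home", "headers": [
        ("Set-Cookie", "auth=constructed000; Path=/")]},
]


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    return name, {a.split("=", 1)[0].lower() for a in attrs if a}


def audit_response(url, headers):
    """Return finding codes for one response; an empty list means nothing was flagged."""
    findings = []
    header_names = {k.lower() for k, _ in headers}
    if not url.lower().startswith("https://"):
        # The whole exchange, cookies included, is readable on an open network.
        findings.append("PLAINTEXT_PAGE")
    elif "strict-transport-security" not in header_names:
        # Without HSTS the browser may still make plain-HTTP requests to this host.
        findings.append("NO_HSTS")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            # The browser will attach this cookie to unencrypted requests as well.
            findings.append(f"COOKIE_NOT_SECURE:{name}")
    return findings


if __name__ == "__main__":
    for resp in SAMPLE_RESPONSES:
        print(resp["url"], audit_response(resp["url"], resp["headers"]) or "ok")
```

The first sample is the case the text describes: the login itself is encrypted, but the session cookie is issued without `Secure`, so it is sent in the clear on any later HTTP request to the same host.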
Hm.. is this legal?
Pretty rigged, but worth using if you really need it for some obscure purpose
Sounds like it should be illegal!
I won't try this lol
I have no business looking at other people's business!
I'm not going to try this!
I'm going to try this too
@swift: I will try this too!
def not trying this
Isn't that illegal?
so tempted to try this lol
haha, awesome!
ooo sooo creepy and presents a scary thought in itself.
Yeah, people are a little ignorant when it comes to shit like that. I remember scaring the hell out of my friends with just some of the BackTrack tools back in the day.
Haha, sounds fun :P
ROFL super sketch.... I'm totally not gonna use it >.>
sounds nice!
This is such a troublemaker...
Brilliant!
amazing reading
I'm going to try this too
Just so you know, this is NOT legal.
It's only legal if you have the account owner's permission, and is typically done by security professionals to test a server. There are better tools than that addon, though.
Using it as you suggest is extremely illegal, and if you get caught you're getting the same sentence as a bank robber in the US. And I don't wanna sound like an asshole, but it's against the Google ToS. I won't report it of course, but if they see it they won't like it
that's an amazing bit of information
Happy Halloween!