I presume there is a bug in the firesheep which fireshepard exploits.
fireshepard source
firesheep source

Just ran both FireShepard and FireSheep, that "weird string" causes a syntax error while parsing the JSON result for the mock Facebook cookie because the input is not properly escaped.
see Issue 88
It looks like the specific place it is failing is in FiresheepWorker.js in this portion of the code:
    /* Read stdout until process exits */
    var line;
    while (line = process.ReadOutputLine()) {
      var packet = JSON.parse(line);
      this._processPacket(packet);
    }

    /* Read any errors */
    var errors = [];
    while (line = process.ReadErrorLine()) {
      errors.push(line);
    }
Here is the Cookie value from Fireshepard source for reference:
"Cookie: lsd=spsse; c_user=666660000; sct=01010101; sid=0; xs=3randomhashyes666666666; asdf=??????????????!!!!!!!!!!!!!!!!!!!!%•eëÒˆY¼¥Áøþh¡F4£A€ º¦SÍÂÝåt¹Òv5þhèŸË&%%¥Ô$FsnÄ‹xÏÏvVfi6ƒÊìÈ_7νçÜQlXËFÿë~~½¹ùÉÛ,÷7¬ùüyóÇ>hº_ošŸ¿ÄGÜ5¼yy{ÃZÆ|øË,þÊjo¬´W¢y¹¹y5ù|Êmk¤P“Ãt¦[%´Ô“û)7°f²›ÎDk¹0vò€_ykW“ÛÝ=þ‹ËV©&«þ×åtfçðÔS{/Z9Yàé½nlãï¬ÅÇÛåô/u#8“´Ã—¯±šÿìÇúyøëO^ˆn73®¥“Њ·LÄÏ1MKºGGÖ: Íìd3MÇiñ_õ{[Ïs§‡0gÂë´ ž»°n~)ºù…áF7ÂKÙzG_O~9}ùöÆ1XÓ™4ÀwSA»Ó<Ø®ûu…ß“™×SÕ2ãŸ,¦®åÒ11ÙçN‡Ý|—×ÿI·Íâœa˜ŠÃÞgtçÓ´Áeþm?å¢0Éb:K“RÛv:KÓ¯º£øìåÍïoð¡nþtÃ-Ó€@cótͦo±Íúæó³L+>… 5- ÃÒX&bð³lˆ[ $¯DZJ\r\n\r\n"; request+="\r\n";
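
The failure mode described in the answer above, as an added example (not code from Firesheep, FireShepard or the answer's author): a line-per-record JSON reader fed by a producer that does not escape captured cookie bytes. The record layout, the `emit*`/`read*` function names and the sample cookie value are constructed assumptions for illustration.

```javascript
// Constructed sample: three captured-packet records; the second carries a cookie
// value with a raw quote, a backslash and control bytes (not the real payload).
const records = [
  { host: "a.example", cookie: "sid=1" },
  { host: "b.example", cookie: 'asdf=??!!"\\\u0001\u0002' },
  { host: "c.example", cookie: "sid=3" },
];

// Hypothetical producer that builds the JSON line by concatenation, no escaping.
function emitUnescaped(r) {
  return '{"host":"' + r.host + '","cookie":"' + r.cookie + '"}';
}

// Producer that lets the serializer escape quotes, backslashes and control bytes.
function emitEscaped(r) {
  return JSON.stringify(r);
}

// Same shape as the loop quoted above: the first malformed line throws a
// SyntaxError out of the loop, so every later record is lost as well.
function readStrict(lines) {
  const packets = [];
  for (const line of lines) {
    packets.push(JSON.parse(line));
  }
  return packets;
}

// Tolerant reader: a malformed line is recorded and skipped, the rest still parse.
function readTolerant(lines) {
  const packets = [];
  const errors = [];
  lines.forEach((line, i) => {
    try {
      packets.push(JSON.parse(line));
    } catch (e) {
      errors.push({ line: i, message: e.message });
    }
  });
  return { packets, errors };
}
```

Escaping at the producer keeps the record intact, while the per-line `try`/`catch` limits the damage of any line that is still malformed to that one record.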