Recently, there was a vulnerability discovered in LinkedIn, which is described here http://www.wtfuzz.com/blogs/linkedin-ssl-cookie-vulnerability/ Basically, this allows someone in network to sniff a cookie value and apply it in his browses session to hijack the target's user session. This simple concept even works even in Facebook. I was able to hijack n number of user's session sitting in my university room in few minutes. For every POST request in facebook, similar cookie string is transmitted: Cookie: datr=09bXXXQ2oOgQuUK0yAzK_JU9; lu=wgj9pmpkAsdXXXTp5vthfh2w; locale=en_US; L=2; act=13078123502562F3; c_user=xxxxxx; sct=1123416461; xs=603Afe43db8a71239bd8d7b2a831xxx6241f; presence=EM307818375L26REp_5f123422481F22X3078XXX1367K1H0V0Z21G307818375PEuoFD769839560FDexpF1307818409174EflF_5b_5dEolF-1CCCC; e=n I was able to hijack the remote user's session by just placing the value of 2 cookies: c_user (which is obviously user id) and xs (seems like auth token) in my browser session. Step by step POC: http://madhur.github.com/blog/2011/06/12/facebooksessionhijacking.html Cookie: datr=09bXXXQ2oOgQuUK0yAzK_JU9; lu=wgj9pmpkAsdXXXTp5vthfh2w; locale=en_US; L=2; act=13078123502562F3; c_user=xxxxxx; sct=1123416461; xs=603Afe43db8a71239bd8d7b2a831xxx6241f; presence=EM307818375L26REp_5f123422481F22X3078XXX1367K1H0V0Z21G307818375PEuoFD769839560FDexpF1307818409174EflF_5b_5dEolF-1CCCC; e=n Is this how it works in all social sites ? If the answer is yes, I will be highly doubtful of using internet at any public place where sniffing or MITM attack is relatively simple to make. Are there any measures to prevent it ? Madhur http://madhur.github.com