Session Hijacking from your N900

Remember FireSheep? Remember Idiocy? Well now you can remember Pwnitter, if you’re an N900 user.

“Sidejacking” as it’s been called, a method of snarfing and re-using session cookies, is now publicly available for your mobile phone and Twitter. If you didn’t feel like hacking up FireSheep to get it working on your device, chewing over 40MB of space and wreaking havoc on your dependencies – well, look no further than a nice packaged binary called Pwnitter, by Tobias Mueller of GNOME fame.

With a modified code base from Idiocy, added Maemo-specific backend ties and services, Pwnitter allow users to drop the built-in WLAN interface into RFMON mode, passively sniff session cookies from Twitter and insert status updates by impersonating the previously “authenticated” user.

If you fancy a quick-hackup of FireSheep, I’d recommend taking a look at the WebOS port.


Post a Comment