Firesheep and Steam

I put together a quick Firesheep handler for a session cookie flaw that was disclosed here. It’s nothing crazy, or groundbreaking, but I figured I’d post it here and get credit where credit is due. It would blow if someone else found this from me posting it places and took credit.
I have a link to this on a private paste, you can also view that instead if you like.

name: '',
url: '',
domains: [ '' ],
sessionCookieNames: [ 'steamLogin'],

Open up Notepad or whatever text editor you use, copypasta this and save as steam.js to the directory below in Windows


I’m too lazy to look up the extension paths in other OSes, so you’re just going to have to do a little work.

I’m going to be looking into how the Steam client handles cookie data this week, I’m pretty sure I can steal a session cookie and use it in the client itself to download whatever. I’ll have to see how it works first 🙂

Posted in projects Tagged with: , , ,
2 comments on “Firesheep and Steam
    • g3k says:

      I was able to very easily steal a cookie from the Steam client, but I’ve been looking off and on for a while for a way to bypass SteamGuard using cookies. It’s a work in progress, but it’s been slow going.

Leave a Reply to g3k Cancel reply

Your email address will not be published. Required fields are marked *