I put together a quick Firesheep handler for a session cookie flaw that was disclosed here. It’s nothing crazy, or groundbreaking, but I figured I’d post it here and get credit where credit is due. It would blow if someone else found this from me posting it places and took credit.
I have a link to this on a pastie.org private paste, you can also view that instead if you like.
domains: [ 'steampowered.com' ],
sessionCookieNames: [ 'steamLogin'],
Open up Notepad or whatever text editor you use, copypasta this and save as steam.js to the directory below in Windows
I’m too lazy to look up the extension paths in other OSes, so you’re just going to have to do a little work.
I’m going to be looking into how the Steam client handles cookie data this week, I’m pretty sure I can steal a session cookie and use it in the client itself to download whatever. I’ll have to see how it works first 🙂