Skip to content

October 25, 2010

1

Intercepting Unencrypted Sessions with Firesheep

Firesheep, a new Firefox extension that allows you to intercept unencrypted sessions being transmitted over the network, has been released by Eric Butler. Taking advantage of websites that don’t use SSL by default, such as Facebook and Twitter, Firesheep uses network-sniffing to intercept the cookies used to transport session IDs (also known as sidejacking). Note this attack will work over Wifi by default, but will require extra work on a switched wired network.

Once Firesheep has intercepted a user’s cookie over the network, it allows you to be logged in as that user. The concept of session-stealing is as old as the internet, but to have a Firefox extension that does it in such a user-friendly manner is great. It’s also a lot more dangerous as it makes this attack so much easier for any unskilled attacker to carry out.

Firesheep Screenshot

Protecting Yourself

The are a couple ways of protecting yourself from sidejacking attacks.  The first and foremost is to ensure that you use SSL when visiting popular or particularly sensitive web services, including Gmail, Hotmail, Facebook, Twitter, or any other site that’s of importance to you (online banking?). The best way of doing this is to make sure your bookmarks (or the URL you type in) starts with “https://”, and that no SSL certificate errors appear. Another Firefox plugin, HTTPS Everywhere, from the privacy advocates over at the Electronic Frontier Foundation (EFF), enforces SSL on predefined sites. You can also protect your searches by using Google over SSL (encrypted.google.com).

Another way of protecting yourself is to channel your browser traffic through a VPN or SSH Tunnel. Your data is then sent through an encrypted link to a remote host (preferably one you control), before being sent to the destination.

Installing Firecat

Firebug runs in Firefox on Mac OS X and Windows, however Windows users will need to install WinPcap first. After downloading the extension file (xpi), simply open it by going to File -> Open File (you will need to restart Firefox). To clarify some confusion, once you’ve installed the extension, you need to go to View -> Sidebar -> Firesheep to enable it, and click Start Capturing.

Give it a try for yourself.

[Update] Detecting and protecting against Firesheep with FireShepherd.

Related posts:

  1. Firesheep Detection and Defence with FireShepherd [and BlackSheep]
  2. Intercepting Print Jobs with prn-2-me
  3. Inform your Friends about their Hacked Accounts
  4. Reverse SSH over Tor on the Pwnie Express
  5. Security Update 2011-005 Fixes DigiNotar SSL Vulnerability
Read more from Security, Hacking, Networking, Social Networking
, , , , , , , , , ,
1 Comment Post a comment

Trackbacks & Pingbacks

  1. Firesheep Exploit

Share your thoughts, post a comment.

(required)
(required)

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

css.php