What's new

tutorial FÌRESHEEP PACKET SNIFFER

ah nou nhy mou

Moderator
Staff member
Moderator
Established
Awards
2
  • SikatPInoy Staff
  • medal 1
FÌRESHEEP PACKET SNIFFERfiresheep_three-625x352.pngmaxresdefault.jpg

Firesheep -
extension for the Firefox web browser that used a packet sniffer to intercept unencrypted session cookies from websites such as Facebook and Twitter. The plugin eavesdropped on Wi-Fi communications, listening for session cookies. When it detected a session cookie, the tool used this cookie to obtain the identity belonging to that session. The collected identities (victims) are displayed in a side bar in Firefox. By clicking on a victim's name, the victim's session is taken over by the attacker.[2]
FiresheepDeveloper(s)Eric ButlerStable release

Operating systemMicrosoft Windows and Mac OS X (highly unstable on Linux)Available inEnglishTypeAdd-on (Mozilla)Websitecodebutler.com/firesheepLearn more

This article needs to be updated. In particular: Extension seems unavailable now, many websites now completely encrypted (partially because of Firesheep). Maybe change the article to use past tense..

The extension was released October 2010 as a demonstration of the security risk of session hijacking vulnerabilities to users of web sites that only encrypt the login process and not the cookie(s) created during the login process.[3] It has been warned that the use of the extension to capture login details without permission would violate wiretapping laws and/or computer security laws in some countries. Despite the security threat surrounding Firesheep, representatives for Mozilla Add-ons have stated that it would not use the browser's internal add-on blacklist to disable use of Firesheep, as the blacklist has only been used to disable spyware or add-ons which inadvertently create security vulnerabilities, as opposed to attack tools (which may legitimately be used to test the security of one's own systems).[4] Note that even if they did, it wouldn't actually prevent anyone from using Firesheep, as Firefox contains a setting to disable this blacklist.[5] However, Firesheep has been removed from the Firefox addon store.
Later a similar tool called Faceniff was released for Android mobile phones.[6]
 
Top