Firesheep

Article snapshot taken from Wikipedia with Creative Commons Attribution-ShareAlike license.
Firefox extension

Developer(s): Eric Butler
Stable release: 0.1-1
Operating system: Microsoft Windows and Mac OS X (highly unstable on Linux)
Available in: English
Type: Add-on (Mozilla)
Website: codebutler.com/firesheep

Firesheep was an extension for the Firefox web browser that used a packet sniffer to intercept unencrypted session cookies from websites such as Facebook and Twitter. The plugin eavesdropped on Wi-Fi communications, listening for session cookies. When it detected a session cookie, the tool used the cookie to obtain the identity belonging to that session. The collected identities (victims) were displayed in a sidebar in Firefox. Clicking a victim's name let the attacker take over that victim's session.

The extension was released in October 2010 as a demonstration of the security risk that session hijacking poses to users of websites that encrypt only the login process and not the cookie(s) created during the login process. There were warnings that using the extension to capture login details without permission would violate wiretapping laws and/or computer security laws in some countries. Despite the security threat surrounding Firesheep, representatives for Mozilla Add-ons initially stated that they would not use the browser's internal add-on blacklist to disable Firesheep, as the blacklist had only been used to disable spyware or add-ons that inadvertently create security vulnerabilities, as opposed to attack tools (which may legitimately be used in penetration tests). Firesheep has since been removed from the Firefox add-on store.

A similar tool called Faceniff was released for Android mobile phones.
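
The exposure described above (login encrypted, session cookie not) can be checked from a site's response headers. The following is an added example, not part of the original article or of Firesheep: it flags cookies that a browser would send over plaintext HTTP and the absence of HSTS. The function names and the sample responses are constructed for illustration.

```python
# Added example: audit response headers for cookies exposed to network sniffing.
# Set-Cookie / Secure / Strict-Transport-Security are standard HTTP; the
# helper names and the sample responses below are constructed.

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, set of attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(scheme, headers):
    """Return a list of findings for one HTTP response.

    scheme  -- "http" or "https": how the response was served
    headers -- list of (name, value) pairs; Set-Cookie may appear many times
    """
    findings = []
    has_hsts = False
    for key, value in headers:
        key = key.lower()
        if key == "strict-transport-security":
            has_hsts = True
        elif key == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if scheme != "https":
                findings.append(f"{name}: set over plaintext HTTP")
            elif "secure" not in attrs:
                # Without Secure the browser also attaches the cookie to
                # http:// requests, where anyone on the same Wi-Fi can read it.
                findings.append(f"{name}: missing Secure attribute")
    # Browsers ignore HSTS received over HTTP, so only judge HTTPS responses.
    if scheme == "https" and not has_hsts:
        findings.append("no Strict-Transport-Security header")
    return findings

# Constructed sample: HTTPS login page that issues a cookie without Secure.
LOGIN_ONLY_TLS = [("Content-Type", "text/html"),
                  ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly")]
# Constructed sample: same response with the cookie and transport hardened.
HARDENED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    for label, hdrs in (("login-only TLS", LOGIN_ONLY_TLS), ("hardened", HARDENED)):
        print(label, "->", audit_response("https", hdrs) or "no findings")
```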
