Firesheep Firefox extension: sidejacking made easy makes a point

Saturday, December 1st, 2012 By

Once you know how Firesheep can hack your Facebook account, your coffee shop wi-fi experience will never be the same. Image: CC mccheeck/Flickr

Firesheep is a Firefox extension that captures user names and passwords of anyone using the same open wireless network. Firesheep’s developer released the extension to demonstrate how exposed people are on open networks when they log into social network sites that employ cookies for user authentication. The good news is that certain Firefox extensions are available that protect personal information from “sidejacking” tools such as Firesheep.

Firesheep makes hacking social networks easy

Firesheep allows anyone to walk into a coffee shop and start prying into personal lives. Firesheep works because when users submit a user name and password to log in, the server replies with a cookie the browser uses for user authentication going forward. According to Eric Butler, who developed Firesheep, on the open wireless network in that coffee shop, cookies are being shouted through the air. Websites commonly protect user names and passwords by encrypting the login. However, in the interests of expediency, the cookie isn’t protected. On an open wireless network, sidejacking, or HTTP session hacking, is like shooting fish in a barrel.

How to use Firesheep

Firesheep is free, open source and available for Mac OS X and Windows. Install Firesheep, and a new sidebar appears in Firefox. Go to the coffee shop, connect to its open wireless network and click the “Start Capturing” button. Anyone on the network who is logged into Facebook, or any other insecure website recognized by Firesheep, will show up. The sidebar will display their name and photo. Double-click on the photo and Firesheep instantly logs into their private account. From there, Firesheep sidejackers can do anything they want.

How to block Firesheep

Firesheep can be foiled. According to TechCrunch, Firesheep works because most social sites, after encrypting login information, default to the HTTP protocol. The Firefox extension “Force-TLS” forces those sites to use the HTTPS protocol, which makes user cookies undetectable with Firesheep. The Force-TLS Firefox extension allows users to change HTTP to HTTPS on sites selected in the Firefox Add On “Preferences” menu. HTTPS encrypts all user data so Firesheep can’t read it. Major sites such as Facebook, Twitter and Google allow HTTPS connections. Amazon currently doesn’t.
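For site operators, the same weakness can be checked from the server side. The following is an added example, not code from Firesheep, Force-TLS or this article: it audits a login response for the conditions described above (a session cookie without the `Secure` attribute, a post-login redirect back to `http://`) and goes one step further by checking for the `Strict-Transport-Security` header, which lets a site tell browsers to stay on HTTPS. The host `social.example`, the cookie names and the `SESSION_HINTS` heuristic are assumptions.

```python
# Added example; both responses below are constructed, not captured traffic.
WEAK_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://social.example/home\r\n"
    "Set-Cookie: session_id=PLACEHOLDER; Path=/; HttpOnly\r\n"
    "Set-Cookie: lang=en; Path=/\r\n"
    "\r\n"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: https://social.example/home\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Set-Cookie: session_id=PLACEHOLDER; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
)
# Assumption: substrings that mark a cookie as carrying the login session.
SESSION_HINTS = ("session", "sid", "auth", "token")


def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_login_response(raw):
    """List the conditions that expose a session cookie on an open network."""
    findings = []
    headers = parse_headers(raw)
    for name, value in headers:
        if name == "location" and value.lower().startswith("http://"):
            findings.append("redirect after login drops to http://")
        elif name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie_name = parts[0].partition("=")[0]
            attrs = {p.partition("=")[0].lower() for p in parts[1:]}
            is_session = any(h in cookie_name.lower() for h in SESSION_HINTS)
            if is_session and "secure" not in attrs:
                findings.append(f"{cookie_name}: no Secure attribute, sent over plain HTTP")
    if not any(name == "strict-transport-security" for name, _ in headers):
        findings.append("no Strict-Transport-Security header")
    return findings


if __name__ == "__main__":
    for finding in audit_login_response(WEAK_RESPONSE):
        print(finding)
```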

Sources

codebutler.com

The Register

TechCrunch


This post has one comment

  1. Bazics NewsFeeds says:

    This is how to install Firesheep to hack Facebook or Twitter accounts. This is disseminated for educational purposes only and not recommended for general use. However, I have posted already earlier how to protect your account information from this hacking software that can hack Facebook, Twitter or other accounts.

    Source: http://www.bazics.net/2010/10/how-to-install-fire…
