Firesheep: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
No edit summary
Replaced content with 'This shouldn't be allowed. It is against the good morals of the Internet. If somebody uses this for eveil it is bad.'
Line 1: Line 1:
This shouldn't be allowed.
'''Firesheep''' is an [[Add-on (Mozilla)#Extensions|extension]] developed by Eric Butler for the [[Firefox]] web browser. The extension uses a [[Packet analyzer|packet sniffer]] to intercept unencrypted [[HTTP cookie|cookies]] from certain websites (such as [[Facebook]] and [[Twitter]]) as the cookies are transmitted over networks, exploiting [[session hijacking]] vulnerabilities. It shows the discovered identities on a [[sidebar (computing)|sidebar]] displayed in the browser, and allows the user to instantly take on the log-in credentials of the user by double-clicking on the victim's name.<ref>{{cite web|author=Steve Gibson, Gibson Research Corporation |url=http://www.grc.com/sn/sn-272.htm |title=Security Now! Transcript of Episode #272 |publisher=Grc.com |date= |accessdate=November 2, 2010}}</ref>


It is against the good morals of the Internet.
The extension was created as a demonstration of the security risk to users of web sites that only encrypt the login process and not the cookie created during the login process.<ref name="lifehacker-fs">{{cite web|title=Firesheep Sniffs Out Facebook and Other User Credentials on Wi-Fi Hotspots|url=http://lifehacker.com/5672313/sniff-out-user-credentials-at-wi+fi-hotspots-with-firesheep|publisher=Lifehacker|accessdate=October 28, 2010}}</ref> It has been warned that the use of the extension to capture login details without permission would violate wiretapping laws and/or computer security laws in some countries. Despite the security threat surrounding Firesheep, representatives for [[Mozilla Add-ons]] have stated that it would not use the browser's internal add-on blacklist to disable use of Firesheep, as the blacklist has only been used to disable [[spyware]] or add-ons which inadvertently create security vulnerabilities, as opposed to attack tools (which may legitimately be used to test the security of one's own systems).<ref name="cw-firesheep">{{cite web|last=Keizer|first=Gregg|title=Mozilla: No 'kill switch' for Firesheep add-on|url=http://www.computerworld.com/s/article/9193420/Mozilla_No_kill_switch_for_Firesheep_add_on|publisher=Computer World|accessdate=October 29, 2010}}</ref>


If somebody uses this for eveil it is bad.
==Counter-measures==
Multiple methods exist to counter Firesheep's activities, such as preventing packet sniffing by using an [[HTTP Secure|HTTPS]] connection; however, since many sites restrict the use of HTTPS to only web login, the end user would have to resort to a corporate [[Virtual private network|Virtual Private Network]] or implement a personal VPN (for example via [[OpenVPN]]) to a home PC to encrypt absolutely all the data transmitted over the Wi-Fi link. Connecting to a wifi network with a password offers varying levels of security. Using a [[WEP]] password, the attacker running Firesheep must have the password, but once this has been achieved (a likely scenario if a coffee shop is asking all users for the same basic password) they are able to decrypt the cookies and continue their Firesheep attack. However, using [[WPA]] encryption offers individual user isolation, preventing the attacker from decrypting any cookies sent over the network even if they have logged into the network using the same password<ref>See episode 272 "Firesheep"[http://www.grc.com/securitynow.htm]</ref>( however it should noted that this is a limitation of firesheep and an attacker would be able to manually retrieve and decrypt another users data on a WPA-PSK connection, if the Key is known)

Another Firefox extension known as BlackSheep, developed by [[Zscaler]], was also created as a counter for Firesheep. BlackSheep works by sending fake session data for Firesheep to detect, and promptly warning the user if a computer running the extension is detected. The extension itself is partially based off FireSheep's code.<ref>{{cite web|last=Raporza|first=Jim|title=BlackSheep Sounds Alarm Against Firesheep|url=http://www.informationweek.com/news/security/client/showArticle.jhtml?articleID=228200557&cid=RSSfeed_IWK_News#|publisher=InformationWeek|accessdate=November 10, 2010}}</ref>

A program called Fireshepherd can be installed to run on your computer. It periodically sends out overwhelming amounts data, aiming to overload and crash running instances of Firesheep on computers on the same network. <ref name="fireshepherd">{{cite news|last=Greenberg|first=Andy|title=How To Screw With Firesheep Snoops? Try FireShepherd|url=http://blogs.forbes.com/andygreenberg/2010/10/28/how-to-screw-with-firesheep-snoops-try-fireshepherd/|accessdate=1 December 2010|newspaper=Forbes|date=28 October 2010}}</ref>

==See also==
*[[Session hijacking]]
*[[HTTP cookie#Cookie hijacking|Cookie hijacking]]
*[[HTTPS]]
*[[Transport Layer Security]]
*[[HTTP Strict Transport Security]]

==References==
{{reflist}}

==External links==
* [http://codebutler.github.com/firesheep Firesheep home page]
* [http://codebutler.com Eric Butler]
* [http://www.josephn.net/facebook_session_hijacking Josephn.net | Facebook Session Hijacking] - Using Firesheep & ARP table poisoning on a switched network (tutorial)

{{internet-stub}}

[[Category:Mozilla add-ons]]
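Review bot: This revision should be reverted, not kept, because it replaces the entire article with three unsourced opinion sentences ("This shouldn't be allowed.", "It is against the good morals of the Internet.", "If somebody uses this for eveil it is bad.") and drops every part of the existing page: the lead describing the extension and its cookie-sniffing behaviour, the "Counter-measures" section on HTTPS, VPNs, WEP versus WPA, BlackSheep and Fireshepherd, the "See also" list, the "References" section with its {{reflist}} and inline citations, the "External links" section, the {{internet-stub}} template and the [[Category:Mozilla add-ons]] line. The edit summary is automatic ("Replaced content with ...") and gives no rationale for removing the sourced material, and the added text is not encyclopedic content.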

Revision as of 08:33, 15 December 2010

This shouldn't be allowed.

It is against the good morals of the Internet.

If somebody uses this for evil it is bad.