Firesheep is a Firefox add-on that makes it possible for anyone to hijack the sessions of other users on open Wi-Fi networks, such as those commonly found in public places. Written by Eric Butler, it allows you to intercept cookies set by Amazon, bit.ly, Facebook, Twitter, CNET, Cisco, Dropbox, Google and numerous others. The technique is known as ‘HTTP session hijacking’ (or ‘sidejacking’). The programmer also says it’s easy for any competent programmer to write their own plugins to add to the sites that can be hacked.
The captured cookies contain the login session details of the unsuspecting user of the public network, and the add-on displays their photo and name in the browser sidebar. By double-clicking on the user you can then log in to the site in question, just as if you were the actual user. The potential for anyone to exploit this for nefarious ends is frightening, and should make everyone think twice about using public (open) networks at all.
Butler has said that the only effective way to combat the vulnerability that Firesheep takes advantage of is for sites to use full end-to-end encryption, known as HTTPS or SSL, but many sites default to the HTTP protocol because it’s quicker.
Although you can download the add-on from elsewhere, I am not including any links to it here as I don’t want to encourage such activity.
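
A site operator can check its own responses for the weakness described above: a session cookie that the browser will still send over unencrypted HTTP. The following Python check is an added example, not code from Butler or from this post; the header samples are constructed, and the `Secure` cookie attribute and `Strict-Transport-Security` header it looks for are standard web mechanisms that the article does not mention.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    parsed = {}
    for attr in attrs:
        if attr:
            key, _, val = attr.partition("=")
            parsed[key.strip().lower()] = val.strip()
    return name, parsed


def audit_response(scheme, headers):
    """Return findings for one response, given its URL scheme and header pairs."""
    findings = []
    hdrs = [(k.lower(), v) for k, v in headers]
    if scheme != "https":
        findings.append("response served over plain HTTP")
    elif not any(k == "strict-transport-security" for k, _ in hdrs):
        findings.append("HTTPS response without Strict-Transport-Security")
    for key, value in hdrs:
        if key == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                # Without Secure the browser attaches this cookie to http://
                # requests, where anyone on the same open network can read it.
                findings.append(f"cookie '{name}' lacks Secure attribute")
    return findings


# Constructed sample headers (not captured traffic).
PLAIN_HTTP = [("Set-Cookie", "session=EXAMPLE123; Path=/; HttpOnly")]
HTTPS_WEAK = [
    ("Set-Cookie", "session=EXAMPLE123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=EXAMPLE123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, scheme, sample in [("plain http", "http", PLAIN_HTTP),
                                  ("https, weak cookie", "https", HTTPS_WEAK),
                                  ("hardened", "https", HARDENED)]:
        print(label, "->", audit_response(scheme, sample) or "no findings")
```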