No one has missed the release of Firesheep, I hope. It's the new easy way to hack your way into other people's accounts on Facebook, Twitter, WordPress, Flickr, Google and more. The exploit is a plugin for Firefox that captures network traffic and intercepts the session cookies from the sites. This isn't new to anyone, but it's the way it's implemented that is nice and will get people moving to fix their broken sites. If you can't scale up your service safely with SSL you shouldn't scale up at all. Once you have installed the plugin in Firefox, just hit "Start Capturing" and whenever it finds a service cookie it will pop up with the username and picture.
It's been announced that this is an exploit for unprotected wireless networks, but that isn't entirely true. If you use a simple man-in-the-middle attack you can capture the traffic on a wired network you have access to at your school or at your workplace. There are simple ways of doing this.
- Download Cain & Abel and install it! (http://www.oxid.it/cain.html)
- Download WinPcap and install it! (http://www.winpcap.org/install/default.htm)
- Download Firesheep and install it. If your browser saves it as a .zip file, rename it to .xpi. Then just open the Firefox menu "Tools" -> "Add-ons" and drag-and-drop the file into the window. (http://github.com/codebutler/firesheep/downloads)
- Read this how-to and do a man in the middle attack on your current network. (http://skateass.com/wordpress/cain-arp-poisoning-cracking-and-sniffing-passwords-and-packets/)
- Start Firefox, go to "View" -> "Sidebar" -> "Firesheep", then hit "Start Capturing". Now all the sessions created to the sites will be at your disposal.
You can even create custom site profiles in Firesheep and capture services other than the ones already in there.
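Seen from the site owner's side, the fix comes down to never letting the session cookie travel over plain HTTP. The sketch below is an added example, not part of Firesheep or of the original post: it checks Set-Cookie headers for session cookies that a sniffer on the same network could read. The sample headers, host names and cookie-name hints are constructed assumptions.

```python
"""Audit Set-Cookie headers for session cookies exposed to passive sniffing."""

# Constructed sample response headers (not captured from any real site).
SAMPLE_RESPONSES = {
    "http://shop.example/login": [
        "sessionid=abc123; Path=/; HttpOnly",
        "lang=en; Path=/",
    ],
    "https://mail.example/login": [
        "SID=xyz789; Path=/; Secure; HttpOnly",
        "auth_token=t0k3n; Path=/; secure",
    ],
}

# Assumed naming hints for cookies that carry a login session.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags have an empty value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit(url, set_cookie_headers):
    """Return (cookie name, problem) pairs for session cookies at risk."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # not a session cookie by our naming assumption
        if not url.lower().startswith("https://"):
            findings.append((name, "set over plaintext HTTP"))
        if "secure" not in attrs:
            findings.append((name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for url, headers in SAMPLE_RESPONSES.items():
        for name, problem in audit(url, headers):
            print(f"{url}: cookie {name!r} {problem}")
```

A cookie without the Secure attribute is sent on every plain HTTP request to the site, even if the login page itself used SSL, which is why both checks are reported separately.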
What else do you want to read about? Please hit me with some comments!
Posted by Kristofer Källsbo
Originally from Gothenburg, Sweden, currently living in San Francisco, USA. 15 years of professional experience in the IT business: everything from support, network and hardware to development, devops and management. Please check my LinkedIn for more info...