Hack passwords by hijacking HTTP cookie using Fire Sheep

 

 

 

 

 

 

 

 

 
1. Download Firesheep Firefox add-on to hack wireless network users from any one of the
links given below
http://codebutler.github.com/firesheep/
2. Install this add-on in your Firefox (working perfectly on Windows XP and Windows
Vista). Restart Firefox. Connect to any public wireless network.
3. Now, in the sidebar, hit on “Start Capturing” and Firesheep searches for and captures
cookies in a wireless network.
4. As soon as anyone on the wireless network visits any insecure website known to
Firesheep, their name and photo will be displayed in the sidebar. Now, simply double click
on someone and you’re into his/her account. Thus, you are able to hack wireless network
user.
Web sites that are vulnerable to Firesheep:
As is reported, the two social network giants Facebook and Twitter are vulnerable and
hence attacked largely by Firesheep. Also, other websites vulnerable are: Foursquare,
Gowalla, Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Flickr,
Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker,
Slicehost, tumblr, WordPress, Yahoo and Yelp.
Solution to Firesheep attack:
Personal Protection:
Firesheep hack can be implemented only if the website does not use secure HTTPS
connections. So, we can lay down Firesheep hack, if we inform Firefox to always use
secure connections. This can be implemented by using the Firefox add-on Force-TIS.
Securing whole Wireless network:
Also, it is necessary to secure other users of wireless networks. So, FireShephard – the
anti-Firesheep tool has been released which shuts down Firesheep running on any
computer in the wireless network. Fire Shephard basically floods the nearby wireless
network with packets which are designed to turn off Firesheep. This surely secures all
users of the wireless network.