Firesheep Details??

    • #5752
      scuccii
      Participant

      Okay – I’m not sure that this is the right forum for this, but I’m curious as to how firesheep works.

      I tested the application on my wireless router, which I downgraded to WEP, which allowed this vulnerability to work. My understanding of this is that for sites that aren’t completely HTTPS or HTTP this tool will allow you to hijack their session.

      My question is how is this taking place? Are these for sites that secure your credentials initially at logon and then aren’t HTTPS afterwards? Is the information being sniffed by cookies being sent over the wireless? How can you defend against this?

      I understand the networking here, since the AP acts like a hub; I was more interested as to what was being sniffed out with this tool.

      Thanks.

    • #36104
      putosusio
      Participant

      See if this helps answer your questions, http://www.schneier.com/blog/archives/2010/10/firesheep.html

      If not, how about you do a write up about it for the EH community answering the questions you posted. I know I’d be interested to know more.

    • #36105
      scuccii
      Participant

      I’m very interested in this and if anyone can help with some of the more “fine” details on how this tool works please let me know.

      I’m assuming that this is based off the cookies that are being thrown up to the open wifi “hub”.

      I saw many responses to “HTTP everywhere”, which is another interesting topic. Much of this is new to me and I’d love to hear more about these topics from any of the more “seasoned” members.

    • #36106
      dante
      Participant

      I will try to give a full picture on Firesheep.

      Wireless packets are encrypted using WEP/WPA keys. On a public wifi connection, the packets that are sent back and forth are unencrypted. The unencrypted wifi packets are perfectly normal and not the focus of the problem here.

      A wireless card set in promiscuous mode would be able to sniff all the packets in the network. As by default HTTP packets are not encrypted, session cookies can be stolen, making it possible to hijack sessions. Okay, this scenario has been known for several years now, but the tool to make this look easy was not available. Firesheep did exactly that. The focus of the problem is popular sites (Facebook, Twitter) not offering HTTPS by default, and the author made the tool and made it public to force these sites.

      Remember that the scenario is the same for all other TCP protocols that do not use an SSL layer: FTP, POP, SMTP, IMAP and so on. Believe me, it’s not hard to write a tool for sniffing passwords, and I am sure there are plenty available now (Cain and Abel?).

      Regarding how it works, I think it’s pretty simple:
      1) Steal the cookie from HTTP requests
      2) Send a new request to the site with the stolen cookie

    • #36107
      scuccii
      Participant

      Thank you!

      So once a site has HTTPS the credentials are safe from there? Are you encrypted the entire time you’re on the site? Or are there sites that go between HTTP and HTTPS?

      When you’re going through HTTPS are the cookies being sent through the SSL tunnel? Is this right?

    • #36108
      dante
      Participant

      @scuccii wrote:

      So once a site has HTTPS the credentials are safe from there?

      Yes and no. If it steps down to HTTP and passes the cookies in HTTP, it’s still vulnerable to session hijacking. For instance, you might think that static images do not require HTTPS, but the request to static images will still contain the cookie header, and if it is transmitted in HTTP, then it is vulnerable to session hijacking.

      Yes, there are sites that go between HTTP and HTTPS.

      @scuccii wrote:

      When you’re going through HTTPS are the cookies being sent through the SSL tunnel? Is this right?

      Yes.
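      The two failure modes dante describes (a session cookie carried in plain HTTP, and a site that steps down to HTTP for things like static images) come down to how the site sets its cookies. The following is an added example, not code from the thread or from Firesheep, that audits constructed sample response headers for the attributes that close that gap: the cookie’s Secure flag (so the browser never sends it over HTTP) and an HSTS header (so the browser never steps down to HTTP at all). The sample responses and header values are made up for illustration.

```python
# Constructed sample HTTP response header blocks (not captured from any real site).
SAMPLE_RESPONSES = {
    "weak": (
        "HTTP/1.1 200 OK\r\n"
        "Set-Cookie: sessionid=abc123; Path=/\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
    "hardened": (
        "HTTP/1.1 200 OK\r\n"
        "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
        "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
}


def parse_headers(raw):
    """Return a list of (lowercased name, value) pairs from a raw header block."""
    headers = []
    for line in raw.split("\r\n")[1:]:  # skip the status line
        if not line:
            break                       # blank line terminates the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def cookie_attrs(set_cookie):
    """Split a Set-Cookie value into (cookie name, set of lowercased attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, attrs


def audit(raw):
    """Return findings; an empty list means the cookies would not leak over plain HTTP."""
    headers = parse_headers(raw)
    findings = []
    if not any(n == "strict-transport-security" for n, _ in headers):
        findings.append("no HSTS header: the browser may still issue plain-HTTP requests")
    for n, v in headers:
        if n != "set-cookie":
            continue
        name, attrs = cookie_attrs(v)
        if "secure" not in attrs:
            findings.append(f"cookie {name!r} lacks Secure: sent on any HTTP request (e.g. static images)")
        if "httponly" not in attrs:
            findings.append(f"cookie {name!r} lacks HttpOnly: readable by page scripts")
    return findings
```

      Run `audit()` on a site’s login response headers to see whether its session cookie is exposed in the way the thread describes; the "weak" sample yields three findings and the "hardened" sample none.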

    • #36109
      putosusio
      Participant

      The more secure sites stay in HTTPS, for example banking and e-commerce sites. Usually social networking, some email sites, and forums don’t because security isn’t a concern. A good way to protect yourself is to use different passwords for different sites, even if they’re off by just a character or two.

Copyright ©2021 Caendra, Inc.