FireSheep for 2013?

This topic contains 8 replies, has 6 voices, and was last updated by  Questionable 6 years, 5 months ago.

  • Author
    Posts
  • #8350
     TomTees 
    Participant

    I recently learned about some add-on for FireFox called “FireSheep” which sounds really interesting and scary!!

    After Googling it, it appears to only work with some ancient version of FF like 3.6

    I think my current version of FF is like 15 or 16.

    Is there an easy way to try out FireSheep on my updated version of FF?

    Oh, I am using Snow Leopard if that helps.

    Tom

    P.S.  Since I am a newbie – and a nice guy – I don’t want to do anything that would jeopardize my system!  I just was hoping to try FireSheep to educate myself on what I think is called “Side-Jacking”.  This will knowledge will come in handy since I am trying to get away from using Free Wi-Fi…

  • #52486
     m0wgli 
    Participant

    @tomtees wrote:

    I think my current version of FF is like 15 or 16.

    Is there an easy way to try out FireSheep on my updated version of FF?

    Oh, I am using Snow Leopard if that helps.

    Firesheep aside, I’d suggest you update your FireFox if possible, the latest is 20.

  • #52487
     cd1zz 
    Participant

    Wireshark would do the trick. You just have to know what you’re looking for 🙂

  • #52488
     TomTees 
    Participant

    I was able to figure out how to install a second instance of FireFox on my MacBook.  (Version 3.6.28)

    When I fire up that version and FireFox, and then click on “Start Monitoring”, I never see anyone or anything.

    I have tried this a few times at McDonalds where I am pretty sure there were some people surfing online, but I never see anyone?!  :-

    What is wrong?

    (BTW, I am able to see my own activity, like if I log into yahoo or Google…)

    Tom

  • #52489
     superkojiman 
    Participant

    I found FireSheep to be somewhat unstable from my past experience with it. Honestly, if you want to understand how session hijacking works, just do some reading on it. Like cd1zz said, all you need is Wireshark. Here’s something to start with: http://www.cleverlogic.net/tutorials/session-hijacking-facebook-accounts

  • #52490
     dynamik 
    Participant

    @tomtees wrote:

    I was able to figure out how to install a second instance of FireFox on my MacBook.  (Version 3.6.28)

    When I fire up that version and FireFox, and then click on “Start Monitoring”, I never see anyone or anything.

    I have tried this a few times at McDonalds where I am pretty sure there were some people surfing online, but I never see anyone?!   :-

    What is wrong?

    (BTW, I am able to see my own activity, like if I log into yahoo or Google…)

    Tom

    Setup a second system and test on your own traffic system. Using tools you don’t fully understand on others is unethical, reckless, and asking for trouble.

  • #52491
     TomTees 
    Participant

    @ajohnson wrote:

    Setup a second system and test on your own traffic system. Using tools you don’t fully understand on others is unethical, reckless, and asking for trouble.

    Nothing unethical here.  Just trying to see what others might be able to see about me…

    Tom

  • #52492
     dynamik 
    Participant

    @tomtees wrote:

    Nothing unethical here.  Just trying to see what others might be able to see about me…

    I don’t understand the scenario. How is capturing other users’ session information going to help you with that? If you’re seeing your own traffic, you already understand what the attack is capable of.

    Seriously, it takes one person accusing you of hacking to land you in a heap of legal trouble that you neither want nor deserve. Only test on your own systems, devices, and networks, or with written permission from another owner. People’s lives have been ruined over harmless curiosity.  

  • #52493
     Questionable 
    Participant

    Tom,

    You may think what you were doing at Mcdonalds would be classed as ethical, but trying to capture traffic other users network traffic is very illegal, unless you have consent from the party in question. ajohnson has suggested, and I agree, that you should use a second system of your own and test it on your own account, simple curiosity has thrown many good men in jail. If you don’t have access to another physical computer, there are lots of alternatives, such as a virtual machines.

    I’ve recently stumbled across VulnHub, it might b a good place to get you started. http://vulnhub.com/

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?