.

FireSheep for 2013?

<<

TomTees

User avatar

Newbie
Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Wed Apr 03, 2013 3:23 pm

FireSheep for 2013?

I recently learned about some add-on for FireFox called "FireSheep" which sounds really interesting and scary!!

After Googling it, it appears to only work with some ancient version of FF like 3.6

I think my current version of FF is like 15 or 16.

Is there an easy way to try out FireSheep on my updated version of FF?

Oh, I am using Snow Leopard if that helps.


Tom

P.S.  Since I am a newbie - and a nice guy - I don't want to do anything that would jeopardize my system!  I just was hoping to try FireSheep to educate myself on what I think is called "Side-Jacking".  This will knowledge will come in handy since I am trying to get away from using Free Wi-Fi...
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Wed Apr 03, 2013 4:37 pm

Re: FireSheep for 2013?

TomTees wrote:I think my current version of FF is like 15 or 16.

Is there an easy way to try out FireSheep on my updated version of FF?

Oh, I am using Snow Leopard if that helps.


Firesheep aside, I'd suggest you update your FireFox if possible, the latest is 20.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Wed Apr 03, 2013 9:16 pm

Re: FireSheep for 2013?

Wireshark would do the trick. You just have to know what you're looking for :)
<<

TomTees

User avatar

Newbie
Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Wed Apr 10, 2013 12:30 pm

Re: FireSheep for 2013?

I was able to figure out how to install a second instance of FireFox on my MacBook.  (Version 3.6.28)

When I fire up that version and FireFox, and then click on "Start Monitoring", I never see anyone or anything.

I have tried this a few times at McDonalds where I am pretty sure there were some people surfing online, but I never see anyone?!  :-\

What is wrong?

(BTW, I am able to see my own activity, like if I log into yahoo or Google...)


Tom
<<

superkojiman

User avatar

Jr. Member
Jr. Member

Posts: 81

Joined: Thu Sep 20, 2012 9:42 pm

Post Wed Apr 10, 2013 6:10 pm

Re: FireSheep for 2013?

I found FireSheep to be somewhat unstable from my past experience with it. Honestly, if you want to understand how session hijacking works, just do some reading on it. Like cd1zz said, all you need is Wireshark. Here's something to start with: http://www.cleverlogic.net/tutorials/se ... k-accounts
OSCP + OSCE
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Apr 10, 2013 6:54 pm

Re: FireSheep for 2013?

TomTees wrote:I was able to figure out how to install a second instance of FireFox on my MacBook.  (Version 3.6.28)

When I fire up that version and FireFox, and then click on "Start Monitoring", I never see anyone or anything.

I have tried this a few times at McDonalds where I am pretty sure there were some people surfing online, but I never see anyone?!   :-\

What is wrong?

(BTW, I am able to see my own activity, like if I log into yahoo or Google...)


Tom



Setup a second system and test on your own traffic system. Using tools you don't fully understand on others is unethical, reckless, and asking for trouble.
The day you stop learning is the day you start becoming obsolete.
<<

TomTees

User avatar

Newbie
Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Wed Apr 10, 2013 9:44 pm

Re: FireSheep for 2013?

ajohnson wrote:Setup a second system and test on your own traffic system. Using tools you don't fully understand on others is unethical, reckless, and asking for trouble.


Nothing unethical here.  Just trying to see what others might be able to see about me...


Tom
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Apr 10, 2013 11:03 pm

Re: FireSheep for 2013?

TomTees wrote:Nothing unethical here.  Just trying to see what others might be able to see about me...


I don't understand the scenario. How is capturing other users' session information going to help you with that? If you're seeing your own traffic, you already understand what the attack is capable of.

Seriously, it takes one person accusing you of hacking to land you in a heap of legal trouble that you neither want nor deserve. Only test on your own systems, devices, and networks, or with written permission from another owner. People's lives have been ruined over harmless curiosity.  
Last edited by dynamik on Wed Apr 10, 2013 11:05 pm, edited 1 time in total.
The day you stop learning is the day you start becoming obsolete.
<<

Questionable

Newbie
Newbie

Posts: 13

Joined: Wed Dec 07, 2011 10:43 pm

Post Thu Apr 11, 2013 4:16 am

Re: FireSheep for 2013?

Tom,

You may think what you were doing at Mcdonalds would be classed as ethical, but trying to capture traffic other users network traffic is very illegal, unless you have consent from the party in question. ajohnson has suggested, and I agree, that you should use a second system of your own and test it on your own account, simple curiosity has thrown many good men in jail. If you don't have access to another physical computer, there are lots of alternatives, such as a virtual machines.

I've recently stumbled across VulnHub, it might b a good place to get you started. http://vulnhub.com/
We can re-code him, we have the technology!

Return to Other

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software