Firesheep

Basic data

Developer: Eric Butler
Publishing year: 2010
Current version: 0.1-1
Operating system: Windows, macOS
Category: Extension
Website: http://codebutler.com/firesheep

Firesheep is a Firefox extension that makes it possible to carry out session hijacking in an unsecured network (e.g. a hotspot) with little effort, and thus to use various online services under the identity of another user on that network. To do this, the extension uses a sniffer that reads the network traffic and filters out unencrypted session cookies from various services. Any cookies found are listed in a sidebar, and the corresponding service can be used under the other user's identity with one click.

Eric Butler published it on October 24, 2010. He explained that by publishing the extension he wanted to draw attention to this vulnerability in many Internet services (including, for example, Amazon, Facebook and Twitter) and to push the operators of these sites to act. As of Firefox version 23, the add-on is no longer officially compatible.

Dissemination, Countermeasures, and Detection

Initially, Firesheep spread very quickly and received corresponding media attention. Soon afterwards, some services such as Facebook and Twitter made fully SSL-encrypted connections available, at first as an option and later as the default, which rule out an attack such as the one Firesheep carries out.

Countermeasures

One way to protect yourself against Firesheep is to use a secure connection. This can be done, for example, with HTTPS, a VPN or an encrypted WLAN connection.

Avoidance of unsecured WLANs
On an encrypted WLAN (WEP or WPA), the attack becomes much more difficult. On a WEP-encrypted WLAN the attack is still possible by cracking the WEP encryption; with WPA, the separately encrypted communication channels make it very difficult for any other participant to mount a successful attack using Firesheep's methods.
Use of VPN connections
The end user can also use a commercial or private virtual private network (e.g. OpenVPN) to encrypt all data traffic. However, you have to trust the VPN operator not to steal the cookies themselves. This is a particular problem in the Tor network, because the traffic leaving the exit node is unencrypted.
HTTPS
HTTPS offers end-to-end encryption between the user agent and the web server. However, it is essential that all traffic to the website is sent over the secure HTTPS channel and not just the login, as otherwise the session cookie could again be stolen.

Detection

To find out whether someone is using Firesheep on the local network, the Firefox extension BlackSheep can be used, although it is only available for the 32-bit version. This software sends fake session information and watches whether the session is stolen. While Firesheep is largely passive during normal operation, as soon as it has found a session ID it makes a request to the same domain with the stolen information. BlackSheep recognizes exactly this request and warns the user.
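
The decoy-session check described above can be sketched as follows. This is an added example, not BlackSheep's own code: the class and function names, the host names and the addresses are assumptions, and observed requests are modelled as simple records instead of being captured from the network.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class HttpRequest:
    src_ip: str          # sender of the plaintext HTTP request
    host: str            # value of the Host header
    cookie_header: str   # raw Cookie header

def parse_cookies(header):
    """Split a Cookie header ("a=1; b=2") into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies

class DecoyMonitor:
    """Issues decoy session IDs and flags their reuse by other machines."""
    def __init__(self, own_ip):
        self.own_ip = own_ip
        self.decoys = {}  # (host, cookie name) -> decoy value

    def issue_decoy(self, host, cookie_name):
        value = secrets.token_hex(16)  # random, so a match cannot be coincidence
        self.decoys[(host.lower(), cookie_name)] = value
        return value

    def check(self, req):
        """Return an alert if req reuses a decoy from another address, else None."""
        if req.src_ip == self.own_ip:
            return None  # our own transmission of the decoy
        for name, value in parse_cookies(req.cookie_header).items():
            if self.decoys.get((req.host.lower(), name)) == value:
                return f"decoy session for {req.host} reused by {req.src_ip}"
        return None

def run_demo():
    # Constructed traffic; addresses and host names are documentation values.
    mon = DecoyMonitor(own_ip="192.0.2.10")
    decoy = mon.issue_decoy("social.example", "session_id")
    traffic = [
        HttpRequest("192.0.2.10", "social.example", f"session_id={decoy}"),
        HttpRequest("192.0.2.77", "social.example", f"lang=en; session_id={decoy}"),
        HttpRequest("192.0.2.50", "social.example", "session_id=0123abcd"),
        HttpRequest("192.0.2.77", "shop.example", f"session_id={decoy}"),
    ]
    return [alert for alert in map(mon.check, traffic) if alert]
```

Only the second constructed request raises an alert: it carries the decoy value for the domain it was issued for, but comes from an address that never legitimately held it.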
