1. Are you ready for the Galaxy S20? Here is everything we know so far!

Firesheep Firefox Add-On Hijacks Twitter, Facebook Over Wi-Fi

Discussion in 'Computers' started by mikedt, Oct 31, 2010.

  1. mikedt

    mikedt 你好
    Thread Starter

    Firesheep Firefox Add-On Hijacks Twitter, Facebook Over Wi-Fi | News & Opinion | PCMag.com

    "If you didn't already know that plain HTTP sessions are utterly insecure, here's proof: A new Firefox addin named Firesheep captures sessions on open Wi-Fi networks and goes one step more sinister. It finds users logged into Facebook, Twitter, Google, Amazon, Dropbox, Evernote, Wordpress, Flickr, bit.ly and more, and lets you take over their sessions and become them."

    It's been known for a long time that session cookies can be sniffed from open and WEP secured WiFi. But in the past it was always a bit of a hack. This IMO is a game changer as it makes it so easy for anyone to do and get into another person's Facebook, Twitter, Yahoo!, etc.

    I've also found it works with wired Ethernet. as found in hotels. As long as one can sniff Ethernet packets, Firesheep will work. Solution is to always have an HTTPS connection, VPN or secure proxy.

    1. Download the Forums for Android™ app!


  2. SoulTerror

    SoulTerror Android Enthusiast

    Hhmm, gonna check it out.
  3. mikedt

    mikedt 你好
    Thread Starter

    I would actually like to see an Android application which can do what Firesheep does. One could really have some fun with this at airports, railway stations, Starbucks, etc.
  4. SoulTerror

    SoulTerror Android Enthusiast

    Trying it on an open wireless connection right now, but not picking anything up yet.
  5. SoulTerror

    SoulTerror Android Enthusiast

    I just logged onto a forum and it for some reason pulled up my gmail account in Firesheep.
  6. ArthurIhde

    ArthurIhde Well-Known Member

    i am checking your link thanks [​IMG]
  7. SoulTerror

    SoulTerror Android Enthusiast

    It's scary at how easy this works. Went to Engadget and it pulled up my Facebook information.

Share This Page