WiFi Killer-FireSheep

Security researcher always warned people about the bug and vulnerability of public networks and unencrypted services, life changes every day the new day come with some new vulnerability.

As you know that when you logging into a website your enter your user-name and password and then the server check your submitting user-name and password with their record and than assign you a cookies for your browser to get connected with server, what happen when you are logging and someone will get your cookies and use it on his browser, yes this is called session hijacking.


Over a year ago, session hijacking need some technical knowledge and the new and inexperienced user’s cant do this, but the time has been changed and a Firefox add-on called Firesheep introduced that hijack the facebook,myspace and twitter session over an open network. FireSheep is free, open source and available almost on every operating system.

How Firesheep Works

Firesheep is a packet sniffer that analyze received packets from unencrypted websites on a open network like WiFi connections.
An attacker install firesheep and the new side bar appears on Firefox and the extension wait for the 26 websites that are in firesheep database to log in, when someone log in in any of these websites than firesheep capture his session id or user-name and password.   

If you know the difference between HTTP and HTTPS than you can easily understand the working of FireSheep, yes when your browser shows HTTPS instead of HTTP means your are logging on an encrypted website.

Protection

  • Use a VPN(Virtual Private Network) that create a secure tunnel for your data.
  • Use HTTPS everywhere, it is a firefox add-on.
  • Avoid visiting such websites, when you connected to the public access networks, in place like coffee shops and airports.


Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

LINUX GAME HACKING GUIDE 2021

In the past, most games had cheat codes, yet these days it's more uncommon. As a programmer, I like to perceive how things work,...

Phishing Prevention: How to Secure Your Organization Against Phishing Attacks

Phishing is a type of cyberattack that aims to trick people into giving up their sensitive information or hack into a system by means...

Automated Penetration Testing Prevents High-Risk Vulnerabilities

According to new research from Positive Technologies, a substantial 84% of companies contain high-risk vulnerabilities within their network perimeter. Scanning as many as 3,514...

Security Concerns When You’re Running Your Company From Abroad

The world of technology makes it possible for entrepreneurs to run their businesses from any location worldwide. You could travel and move to any...

LOOKING FOR HACKING RECIPES FORM THE PRO?

Then sign up for FREE to the ehacking’s exclusive group. You will get the exclusive tips/tricks, tutorials, webinars & courses that I ONLY share with my fellow on this exclusive newsletter.