HOME

TheInfoList



Click Here for Items Related To - Firesheep
OR:
Firesheep on:   [Wikipedia]   [Google]   [Amazon]

Firesheep was an
extension Extension, extend or extended may refer to: Mathematics Logic or set theory * Axiom of extensionality * Extensible cardinal * Extension (model theory) * Extension (predicate logic), the set of tuples of values that satisfy the predicate * E ...
for the
Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and ...
web browser that used a
packet sniffer A packet analyzer, also known as packet sniffer, protocol analyzer, or network analyzer, is a computer program or computer hardware such as a packet capture appliance, that can intercept and log traffic that passes over a computer network or p ...
to intercept unencrypted session cookies from websites such as Facebook and Twitter. The plugin eavesdropped on
Wi-Fi Wi-Fi () is a family of wireless network protocols, based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio wave ...
communications, listening for session cookies. When it detected a session cookie, the tool used this cookie to obtain the identity belonging to that session. The collected identities (victims) are displayed in a side bar in Firefox. By clicking on a victim's name, the victim's session is taken over by the attacker. The extension was released October 2010 as a demonstration of the security risk of
session hijacking In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session—sometimes also called a ''session key''—to gain unauthorized access to information or services in a computer sys ...
vulnerabilities to users of web sites that only encrypt the login process and not the cookie(s) created during the login process. It has been warned that the use of the extension to capture login details without permission would violate wiretapping laws and/or computer security laws in some countries. Despite the security threat surrounding Firesheep, representatives for
Mozilla Add-ons Add-on is the Mozilla term for software modules that can be added to the Firefox web browser and related applications. Mozilla hosts them on its official add-on website. Browser extensions are the primary type of add-on. In 2017, Mozilla enacted ...
stated initially that it would not use the browser's internal add-on blacklist to disable use of Firesheep, as the blacklist has only been used to disable
spyware Spyware (a portmanteau for spying software) is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user—for example, by violating their privac ...
or add-ons which inadvertently create security vulnerabilities, as opposed to attack tools (which may legitimately be used to test the security of one's own systems). Since then, Firesheep has been removed from the Firefox addon store. A similar tool called Faceniff was released for Android mobile phones.


See also

*
Session hijacking In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session—sometimes also called a ''session key''—to gain unauthorized access to information or services in a computer sys ...
* Cookie hijacking *
HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is enc ...
*
Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...
*
HTTP Strict Transport Security HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other co ...


References


External links


Firesheep home page

Eric Butler


{{Use mdy dates, date=November 2022 Hacking (computer security) Free Firefox legacy extensions