Firesheep, a Firefox add-on, has recently become very popular for easily carrying out an HTTP session hijacking attack. HTTP session hijacking is not a very sophisticated attack, but it does need some technical knowledge to perform. Firesheep makes the attack child's play. Firesheep was developed by Eric Butler for Firefox and was released at Toorcon 12 to demonstrate how serious cookie stealing can be.
Now let's understand how Firesheep actually works. When you enter your username and password in a website's login form and submit it, the browser first encrypts the password and then sends it over the network. The website compares the information against its internal database and, if they match, sends a cookie (a small text file) to your browser. The browser saves this cookie and uses it to authenticate the user on the website every time the user opens a different page of the website. When the user logs out of the account, the browser just deletes the cookie. The problem is that these cookies are not encrypted before being sent over the network, so a hacker can capture them and use them to authenticate as the user from whom the cookie was stolen.
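The weakness described above, seen from the site operator's side: a session cookie stays off unencrypted connections only if it is issued over HTTPS and carries the Secure attribute. The Python check below is an added example, not part of the original post; the header values, the `example.test` host and the function names are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the attributes that keep a
# session cookie off unencrypted connections. All sample data is constructed.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def audit_response(url, headers):
    """Return (cookie_name, finding) pairs for one HTTP response.

    headers is a list of (name, value) pairs because Set-Cookie may repeat.
    """
    findings = []
    over_tls = url.lower().startswith("https://")
    has_hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        if not over_tls:
            findings.append((name, "issued over plain HTTP, readable on the network"))
        if "secure" not in attrs:
            findings.append((name, "no Secure attribute, also sent over http:// pages"))
        if "httponly" not in attrs:
            findings.append((name, "no HttpOnly attribute, readable by page scripts"))
    if over_tls and not has_hsts:
        findings.append(("(response)", "no Strict-Transport-Security header"))
    return findings

# Constructed: login served over HTTPS, but the cookie lacks Secure, so the
# browser sends it in clear text on every later http:// page load.
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly")]
# Constructed: the corrected response.
HARDENED = [("Strict-Transport-Security", "max-age=31536000"),
            ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax")]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response("https://example.test/login", hdrs))
```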
Now let's see how to use Firesheep.
Step 1) First download and install WinPcap (WinPcap is used on Windows for capturing network traffic).
On Unix-like systems, you can use pcap from the libpcap library.
Step 2) Download Firesheep and open it in Firefox, which will install it automatically. Alternatively, drag the file onto the Firefox shortcut (at the time of writing, Firesheep does not support Firefox 4).
Step 3) After it is installed, in Firefox go to View --> Sidebar --> Firesheep. A sidebar will appear in the browser with a "start capturing" button; press it and sit back. In a few seconds you will see account details with photos of the target. Click on one of them and you will directly enter that account. Simple as that.
Note: Using Firesheep to hijack others' accounts is illegal under the Wiretapping Act.
29 Responses to “FIRESHEEP TUTORIAL (Http Session Hijacking)”
Great work!!! Keep doing it!!
All the best
Check this XSS guide
Is this easily tracked?
FIRESHEEP TUTORIAL is not working for latest versions of Firefox
I am using Firefox 3.0
no sidebar found
but successfully installed FIRESHEEP TUTORIAL
@Teja
Eric Butler created Firesheep for a security conference, where he wanted to bring attention to how easy it can be to get others' passwords at Wi-Fi hotspots. That done, I think he has no reason to maintain Firesheep, as he is a cyber security expert and may not want to encourage it.
To get the sidebar after it is installed, in Firefox go to View -->Sidebar --> Firesheep.
Can Firesheep still be used?
If it is done, will anyone track it out?
I downloaded Firesheep but how can I install it? If I try to open the file they say to search for a program to find out from the web
@Anonymous
Ya so when the box pops out asking to open the file go to select other programs and choose firefox. It will automatically install it for you.
when i click on start capturing it shows an error "invalid interface" what can i do........... help me
I press "start capturing" but it does nothing.
So, Firesheep captures random people's information. What if I want to know only one specific person's password (also consider that I do not have physical access to his computer), and I do not want to use phishing? Advise please.
-C.c.
This doesn't work for me, I can't even get it to "start capturing"
This sucks and it's dumb, I hate this, screw this thing
Do i need to have a wireless connection or can i do it with a dial-up connection?
I am confused
I don't know how to use any of them
In my Firefox an error is coming, indicating Invalid Interface
I was trying to install FIRESHEEP TUTORIAL ..... but it's not happening... tell me guys, any suggestion? I already installed WinPcap but nothing is working....???
i can't install firesheep for firefox 9.0.1
0/connect to a network
1/download firefox 3.6.17
2/download the firesheep xpi file
3/open the firesheep file with firefox
4/install it
5/restart firefox
6/view-sidebar-firesheep
7/good luck !
Hey, I have already installed the Firesheep xpi file in Firefox 3.6.17. After that I restarted Firefox and I do not see View > Sidebar > Firesheep in Firefox 3.6.17... why?
duuuuddeee please tell me how to hack a single persons account using this ??
FAKEEEE
not capturing any data or account... i have clicked start capturing
when I click start capturing it says invalid interface?
Hello, I downloaded Firesheep, all is OK but it does not capture anything. Please help me, reply to me, my email is minsha107@gmail.com
It makes sense that you need to input the target network/session in order to capture data. You have to aim.
Nyx