Thursday, 18 November 2010

Firesheep HTTP Session Hijacking




Firesheep is a Firefox extension for session hijacking. I was very surprised that this tool can hijack Facebook, Twitter, WordPress, Amazon, etc. sessions from a valid user. Most importantly, this tool is very easy to configure and to launch an attack with. It takes just a few steps:

1. Download Firesheep

2. Sit on an unencrypted wireless network

3. Turn on your wireless card and join the network

4. Start capturing with Firesheep

5. Just wait until some user authenticates to Facebook, Twitter, etc.

Step by step :

1. The picture below is the Firesheep interface; click the red circle to open the preferences. (Image: Firesheep interface)

2. In this picture you choose which interface to capture data on. For example, when you're on a wireless network, you should activate the wireless adapter. (Image: Firesheep, choose network adapter)

3. The picture below shows which websites' sessions this add-on can hijack. (Image: websites supported by Firesheep)

4. Usually, capturing uses TCP port 80, because if it's 443 I think it will be encrypted, but I still haven't tried another port :-) (Image: choose port to capture data)

5. When you finish, click "Start Capturing" and wait until someone authenticates to one of the websites on the list. (Image: data captured using Firesheep)

Prevention:

1. You can use Blacksheep,

2. You can tunnel your internet connection,

3. Don't use the "Remember Me" feature in public internet areas (hotspots), and log out after you finish using the internet.
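
The port 80 exposure from step 4 and the "Remember Me" advice above, seen from the site operator's side, as an added example that is not part of the original post: a session cookie without the Secure attribute is sent by the browser on plain HTTP requests, and one with Expires or Max-Age outlives the browser session. The function names and header samples are constructed for illustration.

```python
# Added example: audit a response's headers for session cookies that a
# browser would send over plain HTTP (port 80). All samples are constructed.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs

def audit_response(headers):
    """Return a list of findings for a list of (header-name, value) pairs."""
    findings = []
    present = {key.lower() for key, _ in headers}
    # Without HSTS the browser may still issue cleartext requests to the site.
    if "strict-transport-security" not in present:
        findings.append("no HSTS header: browser may still use port 80")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        # Secure restricts the cookie to HTTPS requests only.
        if "secure" not in attrs:
            findings.append(f"cookie {cookie!r} lacks Secure: sent in cleartext over HTTP")
        # Expires / Max-Age make the cookie persistent ("Remember Me" style).
        if attrs & {"expires", "max-age"}:
            findings.append(f"cookie {cookie!r} is persistent: stays valid after the browser closes")
    return findings

# Constructed login responses from a hypothetical site.
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; Expires=Wed, 18 Nov 2020 00:00:00 GMT"),
]
HARDENED = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for finding in audit_response(hdrs) or ["ok"]:
            print("  -", finding)
```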

That's it. I hope you can use this tutorial in a good way.
