Sidejacking | Firesheep Tutorial and Countermeasures.

Recently Eric butler at Toorcon12 exposed and demonstrated the session hijacking problem (aka sidejacking) with the help of a selfmade addon of firefox called "Firesheep".Using this method the attacker can control the account of the victim even knowing the password .This tool can also be used to hack facebook account
,twitter etc.Today in this post I will discuss how this is carried out and the countermeasures needed to avoid this problem.So lets start....
I recommend readers if they abide by the blog's Disclaimer then they can proceed reading this post otherwise leave this page immediately.

What is Http Session hijacking(aka Sidejacking)?

In session hijacking an attacker hijacks(or controls) the user's session after the user has successfully logined or authenticated with the desired server.Here in this post the addon "firesheep" works like a sniffer and captures the cookies of the user on the same wireless network used to authenticate to few predefined webpages in the addon.This problem still persits in https websites also because it only encrypt the login of the users but after the rest of the session is left unencrypted.


Requirements:

1.Public Wifi access.

2.Winpcap (Download)

3.Firesheep (Download)

Procedure:

1.Download the "firesheep" from the above link and using the "openwith" option open it in Firefox.

2.Having installed it,restart the browser and follow the instruction in the image below.

3.Now you can see the firesheep has opened up in the sidebar then follow the instructions in the image below.

4.Then click on the "Start capturing" button at the top.Before doing this make sure that you are connect to an open wifi network say your college or campus wifi.

5.After doing that wait for few seconds and you will see the result will start appearing in the sidebar as shown below.Click on any result and the pre authenticated session will open in your browser.

So the users using public wifi like in airport or accessing internet in coffee shop need to be careful.Follow the below countermeasures


Countermeasures:

1.Https is not the solution to this problem rather you can use VPN to access public wifi.There are few paid services also look out in google.

2.You can also setup your own server using Cygwin and use the SSH client putty to use it and configure your browser to use socks proxy.Then access the desired website.
 
"If you find this post useful and informative do post your comment and share it."
Suggest Article

Subscribe to Posts....

Enter your Email-ID and get "Security Tips and Hacking Tutorials"alert in your inbox,we promise to keep your email private and safe.

comment 6 comments:

Rohit on November 19, 2010 at 6:13 PM said...

Its a nice Post bro ... thanks for sharing

Satyajit (Admins,a.k.a Satosys) said...

Thanks that you liked it... :) keep visiting :)

::KNB:: on April 12, 2011 at 4:10 PM said...

its great.... its cool as wireshark & zenmap :)

Anonymous said...

hi,
first of all THANK YOU for post!
and then...i don't know why but..don't works for me...why?
It don't doing nothing when I do "start capturing"...when I Logging in Facebook..nothing! with google chrome too! by this pc or another pc in the same router. why...can u help me?
thank u so much.
byebye

zues love on September 4, 2011 at 5:36 PM said...

this really a good content for new kids in the hacking area.

Anonymous said...

tanuj... dont know weather ill get a reply or not....
still i want to ask that is this possible only for wifi....
what about broadband or usb net ..????

Post a Comment

This blog is "DoFollow",Use a "Real Name" rather than using "Keywords" otherwise comment will be rejected.

Delete this element to display blogger navbar

 
© 2013 SecurityHunk All Rights Reserved and Template by Fresh Blogger Templates