Essentially, Firesheep is a packet sniffer designed to detect cookies and analyze unencrypted Web traffic on an open Wi-Fi connection between a router and personal computers. Once users log on to a Web site, the browser sends the site-specific cookie with each request to that site, identifying the user with information such as username and session ID.
However, if users log on to one of the 26 sites, the Firesheep extension can sniff out the cookie associated with the visited site. The extension then enables hackers to capture the authentication cookies that these Web sites send over an unsecured network, allowing miscreants to log on to one of the 26 applications as the original user.
For example, a hacker who hijacks a Facebook session could access a user's Facebook profile picture and then infiltrate the account, even without a password.
The Firefox extension was released for both Mac OS X and Windows platforms to bolster a talk presented by Butler at the Toorcon 12 security conference. Butler, who demonstrated the extension in a blog post, says he hopes to raise awareness about the need for Web sites to use end-to-end encryption, known as HTTPS or SSL, to secure the entirety of a user's Web session.
"This is a widely known problem that has been talked about to death, yet very popular Web sites continue to fail at protecting their users," Butler said in his blog. "It's extremely common for Web sites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable."
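The gap Butler describes can be checked from the defender's side by looking at the cookies a login response sets. The following is an added example, not code from the article or from Firesheep: it reports which cookies a browser would still attach in cleartext once the user leaves the encrypted login page. The cookie names, values and `example.test` URLs are constructed, and Domain and Path matching is not modelled.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attributes)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def exposed_cookies(set_cookie_headers, next_url):
    """Names of cookies a browser would attach in cleartext to next_url.

    Simplification (assumption): every cookie is treated as in scope for
    next_url; Domain and Path matching are not modelled.
    """
    if urlsplit(next_url).scheme.lower() == "https":
        return []  # the whole request, cookies included, is encrypted
    exposed = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if "secure" not in attrs:  # Secure cookies are withheld from http://
            exposed.append(name)
    return exposed

# Constructed sample: Set-Cookie headers returned by an HTTPS login form.
LOGIN_RESPONSE_COOKIES = [
    "session_id=CONSTRUCTED-0001; Path=/; HttpOnly",
    "csrf_token=CONSTRUCTED-0002; Path=/; Secure",
]

if __name__ == "__main__":
    for url in ("https://example.test/login", "http://example.test/home"):
        print(url, "->", exposed_cookies(LOGIN_RESPONSE_COOKIES, url))
```

A session cookie that appears in the `http://` result is the one an eavesdropper on an open network can read; marking it `Secure` and serving every page over HTTPS removes it from that list.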