6 Like

Firesheep

When logging into a website you usually start by submitting your username and password.

Free Open Source
Mac
Windows
Firefox
Discontinued

When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.
It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.... More Info »

This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.

Today at Toorcon 12 I announced the release of Firesheep, a Firefox extension designed to demonstrate just how serious this problem is.

After installing the extension you'll see a new sidebar. Connect to any busy open wifi network and click the big "Start Capturing" button. Then wait.

Link to official Firesheep site

Official Website

Feature

Firefox Extensions Add a feature

Categories

Security & Privacy Web Browsers

Tags

Discontinued firefox-extension hacking spying

Firesheep was added by Zatox in Nov 2011 and the latest update was made in Jan 2019. The list of alternatives was updated Feb 2013 There is a history of all activites on Firesheep in our Activity Log. It's possible to update the information on Firesheep or report it as discontinued, duplicated or spam.

Firesheep is discontinued. Find alternatives in the list below or click here for more info

Incompatible with Firefox 4 and newer

MORE APP INFO Official website

Reviews 0

Alternatives to Firesheep for all platforms with any license

Cookie Cadger

Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests.

Free Open Source Mac Windows Linux
Facebook integration Add a feature

5 Like
CookieMonster

CookieMonster that demonstrates HTTP session hijacking attacks. It sniff your network interface and hijack all cookie. The hijacked cookies can be edit and/or injected...

Free Open Source Linux
Lovecraftian Add a feature

2 Like

Know any alternatives we haven't listed?

We want more alternatives to Firesheep. Feel free to add any alternative that you know of, or ask your friends on Twitter or Facebook if they can help out.

Firesheep Comments

Echo echo ... Feels empty in here

Maybe you want to be the first to submit a comment about Firesheep? Just click the button up to your right!