Ad
Screenshot
Proton VPN icon
Proton VPN

Protect your privacy and browse securely with Proton VPN — fast, reliable, and built with strong encryption for complete online freedom.

https://protonvpn.com
Learn More
Firesheep icon
Firesheep icon

Firesheep

 6 likes

When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.

Firesheep screenshot 1

License model

  • FreeOpen Source

Platforms

  • Mac
  • Windows
  • Firefox
Firesheep screenshot 1
Firesheep screenshot 2
Firesheep alternatives  
Discontinued

Incompatible with Firefox 4 and newer

  No rating
6likes
0comments
2alternatives
0news articles

Features

Suggest and vote on features
No features, maybe you want to suggest one?

 Tags

Firesheep News & Activities

Highlights All activities

Recent activities

No activities found.
Ad
Screenshot
Proton Mail icon
Proton Mail

Secure your inbox with Proton Mail—encrypted email that keeps your communication private and your data safe.

https://proton.me
Learn More

Firesheep information

  • Developed by

    Unknown

  • Licensing

    Open Source and Free product.

  • Alternatives

    2 alternatives listed

  • Supported Languages

    • English

AlternativeTo Category

Web Browsers

Popular alternatives

View all

Our users have written 0 comments and reviews about Firesheep, and it has gotten 6 likes

Firesheep was added to AlternativeTo by RemovedUser on Nov 10, 2011 and this page was last updated Sep 9, 2022.
No comments or reviews, maybe you want to be first?
Post comment/review

What is Firesheep?

When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests. It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.

This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.

Today at Toorcon 12 I announced the release of Firesheep, a Firefox extension designed to demonstrate just how serious this problem is.

After installing the extension you'll see a new sidebar. Connect to any busy open wifi network and click the big "Start Capturing" button. Then wait.

Official Links