Saturday 13 November 2010

Firesheep: HTTP session hijacking Firefox extension!

Presented at Toorcon and developed by Eric Butler, Firesheep is a Firefox extension that sniffs the unencrypted HTTP sessions transmitted on the local network, giving ill-intentioned users access to Google, Twitter, Facebook, Flickr, Amazon, and bit.ly (...) accounts. So be careful at your school/college and company!

This extension takes the form of a side panel in Firefox, displaying the avatar and name of each user who is "caught". By double-clicking on an avatar, you are automatically logged in to that user's account and can access his/her personal info. This sniffing method is nothing new, but now everyone is able to do it.

Sniffing, easy as a click!


If you want to take a look/test (for educational purposes only of course ^^), Firesheep is available here, and to use it under Windows you'll need WinPcap.

Now take a sneak peek under the hood. The exploit here? A lot of websites don't secure all of their communication with HTTPS; many of them encrypt only the login part of the exchange, "forgetting" that the session cookie then travels unencrypted...
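To see whether a site has this weakness, you can audit the cookies it sets. The script below is an added example, not part of Firesheep or of the original post: it flags cookies that are set over plain HTTP or that lack the `Secure` attribute, which means the browser will also send them on unencrypted requests. The site name, cookie names and sample headers are constructed for illustration.

```python
# Added example: find cookies that will cross the network in cleartext.
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_responses(responses):
    """Return (cookie, url, reason) for every cookie exposed to sniffing.

    responses: iterable of (url, [Set-Cookie header values]).
    """
    findings = []
    for url, set_cookies in responses:
        scheme = urlsplit(url).scheme.lower()
        for header in set_cookies:
            name, attrs = parse_set_cookie(header)
            if scheme != "https":
                # The cookie is already visible in the response itself.
                findings.append((name, url, "set over plain HTTP"))
            elif "secure" not in attrs:
                # Set during the encrypted login, but the browser will
                # replay it on any later http:// request to the site.
                findings.append((name, url, "missing Secure attribute"))
    return findings


# Constructed sample traffic (hypothetical site and cookie names).
SAMPLE = [
    ("https://social.example/login", ["session_id=3f9a; Path=/; HttpOnly"]),
    ("https://social.example/login", ["csrf=77b1; Path=/; Secure; HttpOnly"]),
    ("http://social.example/home", ["prefs=dark; Path=/"]),
]

if __name__ == "__main__":
    for name, url, reason in audit_responses(SAMPLE):
        print(f"{name:12} {url:32} {reason}")
```

The first sample line is the pattern described above: the login is encrypted, but the session cookie it hands out is not restricted to HTTPS.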

But don't worry! A lot of websites have work to do to fix this weakness, but meanwhile you can force HTTPS encryption with those sites. To do that, you'll have to install the ForceTLS Firefox extension. After a quick setup, you'll be able to specify the websites on which you want your info encrypted.