Hack passwords by Hijacking HTTP cookie using Firesheep

When you are on a public network, such as your college's or office's unsecured Wi-Fi, it is time to think about your account security. If you think that Facebook or Twitter are secure websites, it is time to face reality: they are not. Whenever you log in to your Facebook or Twitter account, check the address bar of your browser and you will see something like http://www.facebook.com/home.php? The same is true of Twitter. They use the HTTP protocol instead of the secure HTTPS protocol (they use HTTP by default unless changed to HTTPS). But if you log in to your Gmail account, you will notice that it uses HTTPS. So the trick I am describing works only on websites like Facebook, Twitter and Flickr, not on secured websites like Gmail. Here is the trick to hack passwords of these sites on an unsecured Wi-Fi network, and also the method of protection from this hack. The trick does not require any programming knowledge, and anyone can use it easily.

The release of the Firesheep Firefox add-on really showed how vulnerable most of today's popular websites are to hacking. Eric Butler introduced Firesheep, a Firefox add-on that is really a masterpiece hacking tool, used to hack wireless network users through HTTP session hijacking.

What is HTTP Session Hijacking

As we all know, whenever we log in to a website, the web server replies with a "cookie", which the client browser sends with its further requests. The web server uses this cookie to identify the logged-in user and so maintain that user's session. If we get the victim's cookie, we can do everything the logged-in user (the victim) can do: since we now hold the victim's cookie, the web server grants us all of the victim's session rights. Hijacking cookies in this way is called session hijacking. We can easily hack wireless network users with session hijacking.

In wireless networks, cookies are exchanged over the air, so anyone can easily intercept them and session hijacking is easy to carry out.

Firesheep - How to hack wireless network users:

1. Download the Firesheep Firefox add-on to hack wireless network users.

2. Install the add-on in Firefox (working perfectly on Windows XP and Windows Vista). Restart Firefox. Connect to any public wireless network.

3. Now, in the sidebar, click "Start Capturing" and Firesheep searches for and captures cookies on the wireless network.

4. As soon as anyone on the wireless network visits an insecure website known to Firesheep, their name and photo are displayed in the sidebar. Now simply double-click on someone and you are in his/her account. Thus, you are able to hack a wireless network user.

Websites that are vulnerable to Firesheep:

As reported, the two social network giants Facebook and Twitter are vulnerable and hence heavily attacked with Firesheep. Other vulnerable websites are: Foursquare, Gowalla, Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Flickr, Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, WordPress, Yahoo and Yelp.

Solution to Firesheep attack:

Personal Protection:

A Firesheep hack can be carried out only if the website does not use secure HTTPS connections. So we can defeat the Firesheep hack if we tell Firefox to always use secure connections. This can be done with the Firefox add-on Force-TLS.
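
To check a site from the defender's side, the added example below (not part of the original post or of Firesheep) audits response headers for the condition described above: a session cookie that can travel over plain HTTP. The function name, the sample responses and the host example.test are assumptions made for illustration, and the Strict-Transport-Security check goes beyond what the post covers.

```python
# Added example, not from the original post: flag responses whose session
# cookie could be read by anyone listening on the same open Wi-Fi.
from http.cookies import SimpleCookie

PLAIN_HTTP = "page served over plain HTTP"
NO_HSTS = "no Strict-Transport-Security header"
NO_SECURE = "cookie '{}' lacks the Secure flag"


def audit_response(url, headers):
    """Return findings for one response; headers is a list of (name, value)."""
    findings = []
    https = url.lower().startswith("https://")
    if not https:
        findings.append(PLAIN_HTTP)
    elif not any(n.lower() == "strict-transport-security" for n, _ in headers):
        # Without HSTS a later http:// request can still carry the cookie
        # unless every cookie is marked Secure.
        findings.append(NO_HSTS)
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for key, morsel in jar.items():
            if not morsel["secure"]:
                findings.append(NO_SECURE.format(key))
    return findings


# Constructed sample responses (example.test is a placeholder host).
SAMPLES = {
    "http_only_site": ("http://www.example.test/home.php",
                       [("Set-Cookie", "session_id=abc123; Path=/")]),
    "https_login_weak_cookie": ("https://www.example.test/login",
                                [("Set-Cookie", "session_id=abc123; Path=/")]),
    "hardened": ("https://www.example.test/home.php",
                 [("Strict-Transport-Security", "max-age=31536000"),
                  ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly")]),
}

if __name__ == "__main__":
    for label, (url, headers) in SAMPLES.items():
        print(label, audit_response(url, headers) or "OK")
```

The middle sample is the case worth noticing: the login page is on HTTPS, but the cookie is still exposed on any later plain-HTTP request because it is not marked Secure.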

Securing whole Wireless network:

Also, it is necessary to secure the other users of the wireless network. So FireShepherd, the anti-Firesheep tool, has been released, which shuts down Firesheep running on any computer in the wireless network. FireShepherd basically floods the nearby wireless network with packets designed to turn off Firesheep. This surely secures all users of the wireless network.

This is all about cookie hijacking. So be secure and alert while using unsecured networks.

