InformationWeek: The Business Value of Technology

How Firesheep Can Hijack Web Sessions

By Mike Fratto 11/03/2010 Firesheep is a Firefox extension used to hijack web sessions, usually used over WiFi networks. Firesheep doesn't steal usernames and passwords, instead it copies session cookies used on authenticated websites. These are then used to impersonate the hijacked connection. Session hijacking, or sidejacking is a well known problem, ranking 3rd on OWASP's (Open Web Application Security Project) Top 10 Application Security Risk list. Attackers using Firesheep just need access to network traffic -- such as on an unencrypted WiFi network, or with a man-in-the-middle attack. Here's how it's done.

< Previous
1
2
3
4
5
6
7
11
Next >

E-mail
Share

HTTP Headers

Lots of information is carried in HTTP headers -- more than enough to get attackers started. Unless you are using an encryption method like SSL/TLS end to end, this information is available to anyone with access to the media.

Introduction to Firesheep

Owasp Top 10 Application Security Risk

Firesheep Exposes Need For Encryption

< Previous
1
2
3
4
5
6
7
11
Next >

To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.