Monday, 31 January 2011

FIRESHEEP TUTORIAL (HTTP Session Hijacking)

Firesheep, a Firefox add-on, has recently become very popular for easily carrying out an HTTP session hijacking attack. HTTP session hijacking can't be considered a very sophisticated attack, but it needs some technical knowledge to perform. Firesheep makes the attack child's play. Firesheep was developed by Eric Butler for Firefox; it was released at Toorcon 12 to demonstrate how serious cookie stealing can be.
Now let's understand how Firesheep actually works. When you enter your username and password in a website's login form and submit it, the browser first encrypts the password and then sends it over the network. The website compares the information against its internal database and, if they match, sends a cookie (a small text file) to your browser. The browser saves this cookie and uses it to authenticate the user on the website every time the user opens a different page of the website. When the user logs out of the account, the browser just deletes the cookie. The problem is that these cookies are not encrypted before being sent over the network, so a hacker can capture them and use them to authenticate as the user from whom the cookie was stolen.
Now let's see how to use Firesheep.


Step 1) First download and install WinPcap (WinPcap is used on Windows for capturing network traffic).
        On Unix-like systems you can use the libpcap library instead.
        DOWNLOAD WinPcap

Step 2) Download Firesheep and open it in Firefox, which will install it automatically. Or just drag it and drop it
        onto the Firefox shortcut (Firesheep does not support Firefox 4 at the moment).
        DOWNLOAD Firesheep.

Step 3) After it is installed, in Firefox go to View --> Sidebar --> Firesheep. A sidebar will appear in the
        browser with a button "start capturing"; press it and sit back. In a few seconds you will see account
        details with photos of the target. Click on one of them and you will directly enter that account. Simple
        as that.

Note: Using Firesheep to hijack other people's accounts is illegal under the Wiretapping Act.
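
Added example (not from the original post or from Firesheep's code): a Node.js check that a site owner can run over their own response headers to spot the weakness described above, session cookies that travel over the network unencrypted. The header values and the names parseSetCookie, auditResponse and SAMPLE_* are assumptions made for illustration.

```javascript
// Added example: audit response headers for cookies that can leak on plain HTTP.
// SAMPLE_* values below are constructed for illustration.

// Split one Set-Cookie header value into its name and a map of lowercased attributes.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf("=");
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const attrs = {};
  for (const part of parts.slice(1)) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name, attrs };
}

// Return findings for one response; headers is { "Header-Name": string | string[] }.
function auditResponse(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const findings = [];
  const cookies = [].concat(h["set-cookie"] || []);
  for (const raw of cookies) {
    const { name, attrs } = parseSetCookie(raw);
    if (!attrs.secure) {
      findings.push(`${name}: no Secure attribute, sent in cleartext on any http:// request`);
    }
    if (!attrs.httponly) {
      findings.push(`${name}: no HttpOnly attribute, readable by page scripts`);
    }
  }
  // Without HSTS the browser may still make an http:// request to the site.
  if (cookies.length && !h["strict-transport-security"]) {
    findings.push("response: no Strict-Transport-Security header");
  }
  return findings;
}

const SAMPLE_WEAK = { "Set-Cookie": ["session_id=abc123; Path=/"] };
const SAMPLE_HARDENED = {
  "Set-Cookie": ["session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"],
  "Strict-Transport-Security": "max-age=31536000",
};

console.log(auditResponse(SAMPLE_WEAK));
console.log(auditResponse(SAMPLE_HARDENED));
```

A cookie marked Secure is only sent over HTTPS, so it never appears in the plain-text traffic that a capture on a shared network can read.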

REVEALING PASSWORD HIDDEN BEHIND ASTERISKS


When you type a password into the password field while logging into any of your accounts, the letters of the password are hidden behind asterisks so that nobody can sneak a peek at your password. But many times you may want to know what's behind the asterisks. Here are some methods to reveal the passwords behind asterisks.

1) Using JavaScript

Using a simple piece of JavaScript you can reveal all the passwords behind the asterisks. Here is the procedure.

1) Open the webpage containing the login form with the password behind the asterisks.

2) Copy the JavaScript below, paste it into the address bar of the browser and press Enter. Instantly a box with the password pops up.

javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms; for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() == "password") s += f[i].value + "\n"; } } if (s) alert("Passwords on this page:\n\n" + s); else alert("No passwords on this page.");})();

This method works on almost all browsers and on all websites, like Facebook, Gmail etc.




2) Password Viewer

Using Password Viewer you can take a quick look at the passwords hidden behind asterisks in a password field. You can also use it to view a password in the input field data on a page inside an Internet Explorer window. It is very useful for seeing the password in instant messaging software like Gtalk and Yahoo Messenger. Just click on the hand and place the telescopic pointer on the password field, and it will instantly reveal the password.


DOWNLOAD