How Firesheep Can Hijack Web SessionsFiresheep is a Firefox extension used to hijack web sessions, usually used over WiFi networks. Firesheep doesn't steal usernames and passwords, instead it copies session cookies used on authenticated websites. These are then used to impersonate the hijacked connection. Session hijacking, or sidejacking is a well known problem, ranking 3rd on OWASP's (Open Web Application Security Project) Top 10 Application Security Risk list. Attackers using Firesheep just need access to network traffic -- such
4 of 10
Once the MAC addresses are found, the attacker sets up a man-in-the-middle connection between the targets, in this case 192.168.1.6 and 192.168.1.3 and the router 192.168.1.1. The word "Poisoning" in the shot above means the software is working. Neither the destination site or user is aware of the attack.
Firesheep Simplifies Stealing Logins
Firesheep Exposes Need For Encryption
4 of 10