How Firesheep Can Hijack Web SessionsFiresheep is a Firefox extension used to hijack web sessions, usually used over WiFi networks. Firesheep doesn't steal usernames and passwords, instead it copies session cookies used on authenticated websites. These are then used to impersonate the hijacked connection. Session hijacking, or sidejacking is a well known problem, ranking 3rd on OWASP's (Open Web Application Security Project) Top 10 Application Security Risk list. Attackers using Firesheep just need access to network traffic -- such
5 of 10
Now with full access to all traffic, Firesheep can identify applications in use. The social networks that Firesheep sees are listed in the left hand column. There are multiple entries for Google services because more than one is in use on the target computer. The Twitter window in the right hand pane has been sidejacked. The attacker can do anything with the account except change the password.
Firesheep Simplifies Stealing Logins
Firesheep Exposes Need For Encryption
5 of 10