Firesheep is a Firefox browser extension, released in October 2010, that uses a packet sniffer to intercept unencrypted cookies from websites such as Facebook and Twitter. With Firesheep, the hacker can control any account without even knowing the username and password of the desired account.
Firesheep captures the cookies that are transmitted over the HTTP protocol. Once we capture the Facebook cookies of a user on our network, we can hijack their Facebook session. Note that you can hijack any session that uses an HTTP connection. For example, if a user on your network is browsing Gmail over an HTTP connection, then you can hijack their Gmail session. But once the user logs out, you won’t be able to access their account.
Firesheep doesn’t work anymore, as these days people browse Facebook over an HTTPS connection. This means the cookies are encrypted in transit!
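A defensive check that follows from this point, as an added example that is not part of the original article: it audits a response's headers for cookies that a browser would still send over plain HTTP. The function name audit_response and all header values are assumptions constructed for illustration.

```python
# Added example: flag cookies that can still travel over plain HTTP.
# All header values below are constructed samples, not captured traffic.

def audit_response(scheme, headers):
    """Return (cookie, issue) findings for one HTTP response.

    scheme  -- "http" or "https", the scheme the response was fetched over
    headers -- list of (name, value) tuples; Set-Cookie may repeat
    """
    findings = []
    has_hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].split("=", 1)[0]
        # Attribute names are case-insensitive; flags like Secure carry no value.
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
        if scheme == "http":
            findings.append((cookie, "issued over plaintext HTTP"))
        if "secure" not in attrs:
            findings.append((cookie, "no Secure attribute"))
    # Without HSTS a browser may make its first request over http://.
    if scheme == "https" and not has_hsts:
        findings.append(("*", "no Strict-Transport-Security header"))
    return findings

WEAK = [  # constructed: session cookie readable by a sniffer on the same network
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
]
HARDENED = [  # constructed: same cookie restricted to HTTPS, plus HSTS
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    cases = [("weak", "http", WEAK), ("weak", "https", WEAK),
             ("hardened", "https", HARDENED)]
    for label, scheme, hdrs in cases:
        print(label, scheme, audit_response(scheme, hdrs) or "OK")
```

A cookie without the Secure attribute is attached to http:// requests for the same host, so it can be exposed even when the login page itself is served over HTTPS.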
How Does FireSheep Work?
In an HTTP connection, data is transmitted in plain text, which means anyone on the same network can sit in the connection between two users (or a user and a server) and read all the information. This process is called a Man In The Middle attack.
Firesheep does exactly the same thing. It sits in the connection between users and the server and captures the Facebook cookies of the users. Once it captures the cookies, it displays the list of Facebook accounts whose cookies it successfully captured in a sidebar in the browser.
A user can then hijack the session of any of those Facebook accounts by simply double-clicking on the victim’s name.
Steps To Hijack a Facebook Session With Firesheep
1. Download Firesheep from here.
2. Once you have installed it in the Firefox web browser, click on View at the top, then go to Sidebar and click on Firesheep.
3. Now click on the “Start capturing” button and it will start capturing the session cookies of people on your network.
4. Once it captures the cookies of Facebook users on your network, it will show you the list of those Facebook accounts.
5. Double-click on the photo and you will be logged into their Facebook account instantly.