You may have heard about Firesheep, a new Firefox browser add-on that lets anyone easily snoop over Wi-Fi and hijack your identity for services such as Facebook and Twitter. This is rather scary; if you're using Wi-Fi in a coffee shop and access one of these sites, the guy in the corner with a laptop could just go click-click and be logged in as you. He could then start updating your Facebook status and feed, for instance. Even if you log in securely over SSL, you're not protected.
The quick explanation
The Firesheep site gives an overview of its operation: after you log into a website, the website gives your browser a cookie. By snooping on the Wi-Fi network, Firesheep can grab this cookie, and with the cookie the Firesheep user can hijack your session just as if they are logged in as you.
You may be wondering what these mysterious cookies are. Basically, a cookie is a short block of characters. The cookie consists of a name (e.g. “datr”) and a value (e.g. “QKvHTCbufakBOZi5FOI8RTXQ”). For a login cookie, the website makes up a unique value each time someone logs in and sends it to the browser. Every time you load a new page, your browser sends the value back to the website and the website knows that you're the person who logged on. This assumes a couple of things: first, that a bad guy can't guess the cookie (which would be pretty hard for a long string of random characters), and second, that nobody has stolen your cookie.
Web pages usually use https for login pages, which means SSL (Secure Sockets Layer) is used to encrypt the data. When using SSL, anyone snooping will get gibberish and can't get your userid and password. However, because https is slower than regular http (because all that encryption takes time), websites often only use the secure https for login, and use insecure http after that. Banking sites and other high-security sites typically use https for everything, but most websites do not.
The consequence is that if you're using unencrypted Wi-Fi, and the website uses insecure http, it's very easy for anyone else on the Wi-Fi network to see all that data going to and from your computer, including the cookies. Once they have your cookie for a website, they can impersonate you on that website.
This insecurity has been known for a long time, and it's easy for moderately knowledgeable people to use a program such as tcpdump or wireshark to see your network traffic. What Firesheep does is make this snooping so easy anyone can do it. (I would recommend you don't do it, though.)
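The exposure described above, as an added example that is not part of the original post: a site owner's check of which login cookies a browser will attach to plain-http page loads after an https login. The host social.example, the sid cookie and the Secure/HttpOnly attributes are assumptions for illustration (only the datr name and value come from the text), and cookie domain and path matching is left out.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie headers returned by an https login, then the
# pages the browser loads afterwards. Host and "sid" are made up; "datr"
# reuses the article's example name and value.
LOGIN_SET_COOKIE = [
    "datr=QKvHTCbufakBOZi5FOI8RTXQ; Path=/",
    "sid=8f3c1d0e9a7b; Path=/; Secure; HttpOnly",
]
PAGE_LOADS = [
    "https://social.example/login",
    "http://social.example/home",
    "http://social.example/profile",
]


def parse_jar(set_cookie_headers):
    """Map cookie name -> True if the cookie carries the Secure attribute."""
    jar = {}
    for header in set_cookie_headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            jar[name] = bool(morsel["secure"])
    return jar


def cleartext_exposures(set_cookie_headers, urls):
    """Return (url, cookie_name) pairs where a cookie crosses the network unencrypted."""
    jar = parse_jar(set_cookie_headers)
    exposures = []
    for url in urls:
        encrypted = urlsplit(url).scheme == "https"
        for name, secure_only in sorted(jar.items()):
            # A browser withholds Secure cookies from http:// requests;
            # every other cookie is sent along in the Cookie header.
            if not encrypted and not secure_only:
                exposures.append((url, name))
    return exposures


if __name__ == "__main__":
    for url, name in cleartext_exposures(LOGIN_SET_COOKIE, PAGE_LOADS):
        print(f"{name} sent in cleartext with {url}")
```

An empty result means every cookie is either marked Secure or only ever travels over https, which is the condition under which a Wi-Fi eavesdropper sees no login cookie.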
The detailed explanation
A few things about Firesheep still puzzled me. In particular, how do other people's network packets get into your browser for Firesheep to steal?
To get more information on how Firesheep works, I took a look at the source code. Since it's open source, anyone can look at the code at http://github.com/codebutler/firesheep.
The packet sniffing code is in the firesheep/backend/src directory.