{"id":2121,"date":"2010-10-30T14:54:37","date_gmt":"2010-10-30T14:54:37","guid":{"rendered":"http:\/\/www.coresecuritypatterns.com\/blogs\/?p=2121"},"modified":"2020-08-08T04:24:15","modified_gmt":"2020-08-08T04:24:15","slug":"firesheep-http-session-hijacking-made-so-easy","status":"publish","type":"post","link":"https:\/\/websecuritypatterns.com\/blogs\/2010\/10\/30\/firesheep-http-session-hijacking-made-so-easy\/","title":{"rendered":"Firesheep: HTTP Session Hijacking made so easy!"},"content":{"rendered":"<p>Way cool! HTTP session hijacking can&#8217;t be made simpler than using <a href=\"http:\/\/codebutler.github.com\/firesheep\/\">Firesheep<\/a>. A couple of days ago, a friend of mine suggested that I log in to a very popular website, and he demonstrated how he took control of and accessed my user session in less than a minute. At first, I thought he had used a network protocol analyser such as <a href=\"http:\/\/www.wireshark.org\/\">Wireshark<\/a> or a sniffer to access my session information&#8230; but I was a bit surprised to see that he had used a simple and user-friendly <a href=\"http:\/\/codebutler.github.com\/firesheep\/\">Firefox plugin (Firesheep)<\/a> to steal and access my session information. Believe it or not &#8211; on an unsecured network, <strong>Firesheep can easily capture active user session information exchanged with a website that uses clear-text\/unencrypted HTTP communication and session ID cookies, <em>irrespective of the underlying operating system and the user&#8217;s browser<\/em><\/strong>. Of course, sending and receiving clear-text over HTTP has always posed a huge risk, and compromising the session cookie allows impersonation&#8230; interestingly, the majority of us don&#8217;t care much until we become a victim of data loss! Even many popular social network websites still use clear-text over HTTP.<\/p>\n<p>In my first experience, Firesheep worked well on my Mac&#8230; capturing my Facebook and WordPress sessions running on a PC&#8230; so quick! Not just Facebook sessions &#8211; if you are using an unsecured\/clear-text network and accessing any unsecured website (without SSL), Firesheep can act as a &#8220;man-in-the-middle&#8221; attacker who can comfortably capture, hijack and obtain unauthorized access to the currently active user&#8217;s HTTP session. Unfortunately, there is no silver bullet to thwart these attacks unless you are aware of and avoid the risks of using unsecured networks and clear-text communication.<\/p>\n<h3>Thwarting Firesheep!<\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft\" src=\"http:\/\/www.websecuritypatterns.com\/blogs\/wp-content\/uploads\/2009\/09\/kssl.png\" alt=\"\" width=\"155\" height=\"100\">If you are concerned about Firesheep attacks on the client side (the user&#8217;s browser), then make sure to use a secured VPN, Secure Shell (SSH), IPsec or encrypted Wi-Fi (e.g. WPA2) connection when accessing unsecured web applications. When accessing from unsecured networks, you may use the <a title=\"Blacksheep\" href=\"http:\/\/research.zscaler.com\/2010\/11\/blacksheep-tool-to-detect-firesheep.html\" target=\"_blank\" rel=\"noopener noreferrer\">Blacksheep<\/a> tool, which helps to find out whether your user session is currently being captured by a rogue Firesheep user on the network. When accessing Facebook, you may consider using <a href=\"https:\/\/www.eff.org\/https-everywhere\">HTTPS Everywhere<\/a>, a Firefox extension that rewrites requests to Facebook and other websites that support HTTPS so that they use HTTPS.<\/p>\n<p>On the server side, if you are curious about securing your web application and user sessions from prying eyes&#8230; here are some best practices that can help thwart similar session hijacking attacks:<\/p>\n<ol>\n<li>Use SSL\/TLS communication to ensure encrypted transport between the user&#8217;s client and the web server.<\/li>\n<li>Use encrypted session cookies, and use encryption\/decryption mechanisms when setting and getting cookie data.<\/li>\n<li>Enable hostname\/IP address verification for all critical requests: identify and compare the current user&#8217;s host with the originating user&#8217;s host recorded in the user&#8217;s session cookie.<\/li>\n<\/ol>\n<p>If you are concerned about SSL\/TLS overheads and are looking for high-performance SSL\/TLS acceleration solutions, refer to my previous entries, which should be able to help you.<\/p>\n<p>Good luck.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Way cool! HTTP session hijacking can&#8217;t be made simpler than using Firesheep. A couple of days ago, a friend of mine suggested that I log in to a very popular website, and he demonstrated how he took control of and accessed my user session in less than a minute. 
First, I thought he used a network protocol analyser tool such as Wireshark or&#8230; <a href=\"https:\/\/websecuritypatterns.com\/blogs\/2010\/10\/30\/firesheep-http-session-hijacking-made-so-easy\/\">Read more &raquo;<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[15,4,20,21,6,8,9],"tags":[36,40,57,62,76],"class_list":["post-2121","post","type-post","status-publish","format-standard","hentry","category-cloud-security","category-compliance","category-java-ee","category-java-security","category-main","category-pki-main","category-security","tag-inputvalidation","tag-java-security","tag-pki-main","tag-security","tag-xss"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts\/2121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/comments?post=2121"}],"version-history":[{"count":2,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts\/2121\/revisions"}],"predecessor-version":[{"id":2850,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts\/2121\/revisions\/2850"}],"wp:attachment":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/media?parent=2121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/categories?post=2121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/tags?post=2121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}