BlackSheep – Detect Users Of FireSheep On The Network

As you surely know, things blew up recently at Toorcon 12 with the release of the much talked about Firefox plugin called Firesheep.

There were various discussions about how to mitigate against it like using Firefox plug-ins to force SSL connections (where available). Microsoft also tried to secure Hotmail with SSL but kinda b0rked that too.

For the 1 person in the World left that doesn’t know, Firesheep allowed any user to seamlessly hijack the web session of another user on the same local network. Although such attacks are not new, the ease of use presented by Firesheep brought session hijacking to the masses.

BlackSheep, also a Firefox plugin is designed to combat Firesheep. BlackSheep does this by dropping ‘fake’ session ID information on the wire and then monitors traffic to see if it has been hijacked. While Firesheep is largely passive, once it identifies session information for a targeted domain, it then makes a subsequent request to that same domain, using the hijacked session information in order to obtain the name of the hijacked user along with an image of the person, if available. It is this request that BlackSheep identifies in order to detect the presence of Firesheep on the network. When identified, the user will be receive the following warning message:

t should be noted that Firesheep and BlackSheep cannot be installed on the same Firefox instance as they share much of the same code base. If you want to run both Firesheep and BlackSheep on the same machine, they should be installed in separate Firefox profiles.

Requirements

In order to install BlackSheep, you need:

• Mac OS X: 10.5 or newer on an Intel processor.
• Windows: XP or newer. Install Winpcap first!
• Firefox: 3.5 or newer. 32-bit only.
• Linux : details here

You can download BlackSheep here:

blacksheep-latest.xpi

Firesheep Makes Facebook Hacking Easy

Recently a new firefox addon Firesheep have been a cause of thousands of email accounts, As reported by techcurnch,  Firesheep has been downloaded more than 104,000 times in roughly last 24 hours, With Firesheep the hacker can control  any account without even knowing the username and password of the desired account, As Facebook is worlds most popular Social Networking website, therefore it has been the major victim of it, Firesheep uses Http Session hijacking attack to gain unauthorized access to a Facebook or any other account.

What is Session Hijacking?

In a Http session hijacking attack an attacker steals victims cookies, Cookies stores all the necessary Information about one’s account , using this information you can hack anybody’s account and change his password. If you get the Cookies of the Victim you can Hack any account the Victim is Logged into i.e. you can hack Facebook Google, Yahoo, Orkut, Flickr etc or any other email account.

How can a Hacker use Firesheep to Hack a Facebook or any other account?

Now I will tell you how can a hacker use firesheep to hack a facebook or any other account, You will need the following things:

• Public wifi access
• winpcap
  
• Firesheep(Download)

Method

1. First of all download “Firesheep” from the above link and use the “openwith” option in the firefox browser.

2. Once you have installed firesheep on firefox web browser, Click on view at the top, then goto sidebar and click on Firesheep.

3. Now click on the top left button “Start capturing” and it will start to capture the session cookies of people in your wifi network, This will show you the list of those people whose cookies are captured and have visited unsecured website known to firesheep, Double click on the photo and you will be logged in instantly.