[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...
Johnny Ferguson
hyperflexed at gmail.com
Thu Oct 28 19:28:59 EDT 2010
On 10/26/2010 01:57 PM, Khalid Baheyeldin wrote:
> So, it is finally here.
>
> We have always known that unencrypted WiFi is bad, and someone
> can sniff the traffic and find the session cookie to the sites you login
> to and use it to login as you.
>
> Now, there is a FireFox extension that automates all that (Windows
> and Mac OS/X only). No packet sniffing or manually editing headers.
I tried building it on linux. Not much luck.
It would be cool to get this working. I was thinking of scripting it to
sneak into facebook accounts on the open wifi at school and have it post
"Tell IT to encrypt the wireless" on all their friends' walls. Kind of
evil, but I can't deny the thought has crossed my mind. Would probably
get the message across.
I had the impression that Facebook was using javascript on the login
page to obfuscate the password, and that someone could inject a hostile
javascript to get the passwords.... but this is so much more elegant.
> *snip*
-johnny
More information about the kwlug-disc
mailing list