[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...

Johnny Ferguson hyperflexed at gmail.com
Thu Oct 28 19:28:59 EDT 2010


On 10/26/2010 01:57 PM, Khalid Baheyeldin wrote:
> So, it is finally here.
>
> We have always known that unencrypted WiFi is bad, and someone
> can sniff the traffic and find the session cookie to the sites you login
> to and use it to login as you.
>
> Now, there is a FireFox extension that automates all that (Windows
> and Mac OS/X only). No packet sniffing or manually editing headers.

I tried building it on linux. Not much luck.

It would be cool to get this working. I was thinking of scripting it to 
sneak into facebook accounts on the open wifi at school and have it post 
"Tell IT to encrypt the wireless" on all their friends' walls. Kind of 
evil, but I can't deny the thought has crossed my mind. Would probably 
get the message across.

I had the impression that Facebook was using javascript on the login 
page to obfuscate the password, and that someone could inject a hostile 
javascript to get the passwords.... but this is so much more elegant.

 > *snip*

-johnny




More information about the kwlug-disc mailing list