Firesheep [Social Engineering]
Firesheep is a social engineering tool that enables you to log in to a victim's account using cookies collected over public Wi-Fi hotspots or on your PC.
Firesheep is a Firefox plugin that hijacks sessions, enabling us to use an account without knowing the password.
The security flaw that Firesheep exploits is that although the login is encrypted, the session after it is not.
Firesheep uses WinPcap to capture and display authentication information for the accounts it comes across.
Anybody with your IP (someone using the same Wi-Fi hotspot, for instance) and your cookie can effectively be considered you.
You can try activating Firesheep and observe after some time who has logged in using your PC, and you can hijack their session.
Firesheep is extremely easy to use and an effective social engineering attack; in most cases victims will be unaware that this sniffing program is running.
Open the file with Firefox.
To prevent Firesheep, you can try:
- Avoid public hotspots.
- Use a VPN on public Wi-Fi.
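The flaw described above (encrypted login, unencrypted session afterwards) can also be checked from the site operator's side. The following is an added example, not code from Firesheep or from the original page: it audits the response headers of an HTTPS login for cookies that the browser would also send over plain HTTP. The header values, cookie names and function names are constructed for illustration.

```python
# Added example: find cookies that would leave the encrypted login and
# travel in cleartext on later http:// requests. All sample data is constructed.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs

def audit_headers(headers):
    """Return a list of findings for (name, value) headers of an HTTPS login response."""
    findings = []
    # Without HSTS the browser is free to follow http:// links after login.
    if not any(n.lower() == "strict-transport-security" for n, _ in headers):
        findings.append("no HSTS: later requests may fall back to http://")
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(v)
        # A cookie without Secure is attached to plain HTTP requests as well,
        # which is where a sniffer on the same hotspot can read it.
        if "secure" not in attrs:
            findings.append(f"{cookie}: no Secure flag, also sent over plain HTTP")
    return findings

# Constructed response: login is served over HTTPS, session cookie is not protected.
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=constructed123; Path=/"),
    ("Set-Cookie", "lang=en; Path=/; Secure"),
]

# Constructed response: same site with HSTS and a Secure session cookie.
HARDENED = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=constructed123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Secure"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(hdrs) or "no findings")
```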