Firesheep is a Mozilla browser extension that lets hackers command unencrypted Wi-Fi sessions and session cookies on websites. They later use these cookies to gain access to the victims’ accounts. This extension was designed by Eric Butler in 2010 to highlight how dangerous the most popular websites were.
It could scan any opened Wi-Fi network and intercept unencrypted HTTP traffic to find unique authentication cookies. These cookies were needed to access the accounts of people connected to the Wi-Fi. Fortunately, this tool no longer exists.
Examples of Firesheep functionalities
- It was capable of hijacking Facebook sessions and gaining access to user accounts. It could view inbox messages, reset user passwords, and even post status updates.
- Firesheep was also capable of accessing Twitter accounts, sending direct messages, and even posting tweets for the users
- Hackers were also enabled to disseminate phishing messages, spam, and other harmful content.
- It was notably capable of intercepting Gmail authentication cookies and accessing users’ email accounts without needing a password. The attacker could view, send, or erase emails and access other private data stored in the account.
How to prevent Firesheep
Even though the Firesheep is now long out of commission, hijacking unencrypted sessions and connections is still a real concern. As a result, you should do the following:
- Employ secure HTTPS connections.
- Avoid public Wi-Fi networks for any online activities you prefer to remain private.
- Use secure and complex passwords on your accounts.
- Set up multi-factor authentication on your accounts.
- Install a VPN
