What is the modern day equivalent of Firesheep?
Solution 1
Cookie Cadger, being developed by a colleague of mine. Terrifying Java app that steals cookies from a large number of apps:
http://igniteshow.com/videos/cookie-monster-unnoticed-threat-open-wi-fi
Edit: Available now at https://www.cookiecadger.com/
Solution 2
To my understanding, all that Firesheep did was sniff out unsecured packets and pulled the information from there. Unfortunately there isn't a replacement extension (to my knowledge), but there are other options.
Wireshark does exactly this. I'm not as well versed in it's proper usage as I'd like to be, but there are many guides out there that can help you utilize it's functionality.
Solution 3
There is also DroidSheep for Android (requires root). The source is also available.
Related videos on Youtube
William Entriken
Lead author of ERC-721. Personal website and contact information: https://phor.net Promoting two open source projects: https://github.com/fulldecent/web-puc - A script to validate you are using the latest JQuery, Bootstrap, Font Awesome versions in your favorite PHP or other web front-end (compatible with Travis CI) https://fulldecent.github.io/cameralife/ - Mature LAMP project for displaying large photo collections on the web (i.e. your life work)
Updated on September 18, 2022Comments
-
William Entriken over 1 year
Firesheep came out on the scene in 2010 and rocked the world... and never made it to version 1.0. Mozilla has since released 15 major versions of Firefox and is incompatible with the extension. Is there a version that works with the latest Firefox or is one the 1000 forks on GitHub considered the successor to Firesheep?
-
Oliver Salzburg over 11 yearsWhat is Firesheep?
-
Sirex over 11 yearsbear in mind a lot of the security holes firesheep exposed on popular sites have since been closed.
-
Sirex over 11 years@oliver. Firesheep was a way to really easily (as in point and click) hijack other peoples website sessions on things like facebook because the websites only ssl encrypted the login phase. It made alot of noise in the news due to people using it on public wifi hotspots. Many sites have since either began using ssl for everything by default or by a user-set option.
-
Iszi over 11 years@Sirex is correct. And StackExchange, sadly, is not yet one of those sites that have switched to full SSL.
-
Tamara Wijsman over 11 yearsThe modern equivalent is to use HTTPS in the first place. Other than that you'll not need Firesheep for using Firefox...
-
-
Gnoupi over 11 yearsI would guess that making this a Java app in the current context makes it even easier to steal information.
-
nbkhope almost 10 yearsdriodsheep is used to get the password of a wpa wpa2 wifi connection not to get passwords for website log-ins i'm sure some of the base code could be used to make an adaptation to firesheep if someone was feeling froggie though
-
Denilson Sá Maia almost 10 years@tinkeringgnome: What are you talking about? Neither Firesheep nor Droidsheep get WPA Wi-Fi passwords. They "just" intercept cookies from HTTP connections.