What is the modern day equivalent of Firesheep?

Solution 1

Cookie Cadger, being developed by a colleague of mine. Terrifying Java app that steals cookies from a large number of apps:

http://igniteshow.com/videos/cookie-monster-unnoticed-threat-open-wi-fi

Edit: Available now at https://www.cookiecadger.com/

Solution 2

To my understanding, all that Firesheep did was sniff out unsecured packets and pull the information from there. Unfortunately there isn't a replacement extension (to my knowledge), but there are other options.

Wireshark does exactly this. I'm not as well versed in its proper usage as I'd like to be, but there are many guides out there that can help you utilize its functionality.

Solution 3

There is also DroidSheep for Android (requires root). The source is also available.

Author by

William Entriken

Updated on September 18, 2022

Comments

  • William Entriken
    William Entriken over 1 year

    Firesheep came out on the scene in 2010 and rocked the world... and never made it to version 1.0. Mozilla has since released 15 major versions of Firefox and is incompatible with the extension. Is there a version that works with the latest Firefox or is one of the 1000 forks on GitHub considered the successor to Firesheep?

    • Oliver Salzburg
      Oliver Salzburg over 11 years
      What is Firesheep?
    • Sirex
      Sirex over 11 years
      Bear in mind a lot of the security holes Firesheep exposed on popular sites have since been closed.
    • Sirex
      Sirex over 11 years
      @oliver. Firesheep was a way to really easily (as in point and click) hijack other people's website sessions on things like Facebook because the websites only SSL encrypted the login phase. It made a lot of noise in the news due to people using it on public wifi hotspots. Many sites have since begun using SSL for everything, either by default or by a user-set option.
    • Iszi
      Iszi over 11 years
      @Sirex is correct. And StackExchange, sadly, is not yet one of those sites that have switched to full SSL.
    • Tamara Wijsman
      Tamara Wijsman over 11 years
      The modern equivalent is to use HTTPS in the first place. Other than that you'll not need Firesheep for using Firefox...
  • Gnoupi
    Gnoupi over 11 years
    I would guess that making this a Java app in the current context makes it even easier to steal information.
  • nbkhope
    nbkhope almost 10 years
    DroidSheep is used to get the password of a WPA/WPA2 wifi connection, not to get passwords for website log-ins. I'm sure some of the base code could be used to make an adaptation to Firesheep if someone was feeling froggie, though.
  • Denilson Sá Maia
    Denilson Sá Maia almost 10 years
    @tinkeringgnome: What are you talking about? Neither Firesheep nor Droidsheep get WPA Wi-Fi passwords. They "just" intercept cookies from HTTP connections.
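
The weakness described in the comments above (session cookies travelling over plain HTTP because only the login phase used SSL) can be checked from the site owner's side by auditing response headers. This is an added example, not part of the original thread; the header samples are constructed, and `audit_headers` and `SESSION_HINTS` are hypothetical names.

```python
from http.cookies import SimpleCookie

# Constructed sample responses (not captured from any real site).
LOGIN_ONLY_TLS = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
]
FULL_TLS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "theme=dark; Path=/"),
]

# Assumption: cookie names containing these substrings carry session state.
SESSION_HINTS = ("sess", "auth", "token", "sid")


def audit_headers(headers):
    """Return findings for session cookies exposed to passive sniffing."""
    findings = []
    names = {key.lower() for key, _ in headers}
    if "strict-transport-security" not in names:
        findings.append("no HSTS: browser may still issue plain-HTTP requests")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for name, morsel in jar.items():
            if not any(hint in name.lower() for hint in SESSION_HINTS):
                continue  # non-session cookie, lower impact
            if not morsel["secure"]:
                findings.append(f"{name}: missing Secure, sent over plain HTTP")
            if not morsel["httponly"]:
                findings.append(f"{name}: missing HttpOnly")
    return findings


if __name__ == "__main__":
    for label, sample in (("login-only TLS", LOGIN_ONLY_TLS), ("full TLS", FULL_TLS)):
        print(label, audit_headers(sample) or "OK")
```

A session cookie without the `Secure` attribute is attached to any plain-HTTP request to the same host, which is exactly the traffic a passive listener on open Wi-Fi can read.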