So does this applies to school computers in the com labs? If so, thats kind of scary

What Firefox version did you use in this video?

noooo don't steal my cookies there my choc cookies

thank you!

11 minutes just to show us 2 plugins that prevent a hijack...

if you go into an incognito window in google chrome or private browsing are you protected as well????

fucking douches at university used this today.

Here is the easy-to-use solution against Firesheep: secdrive.com

@secdrive Thanks for sharing this, I'm really grateful. The original idea of SecDrive was my father's. So I'm happy to see that people enjoy it.

Their taking my cookies :(

Get add-on called Fire Shepard, this blocks FireSheep completely.

get an adon called black sheep, this program detects if someone is using firesheep on the wireless network

One thing I noticed you can do is logout when you are finished. If you log out the session ends and they cant get into your Facebook. But alot of people dont logout they just close the browser or even put the computer to sleep. Even if you move to a new network and they havent logged out, you can still get to their Facebook page.

So will disabling cookies stop this from happening ?

@SilentKiller01 u cant log in without cookies

@SilentKiller01 Yes but it will also make you unable to login, so it's a pretty crappy solution.

thank you for the clear explanation Samuel. well done video :-)

@buffelting Thanks for this very clear explanation of a problem I didn't even know I had. Still not 100% sure what I should do though. does this mean that people can hack into basically all and any computers if the internet conncetions aren't secured by a personal password?

skip to 7:10 <_<

All you have to do is fire up ssltrip to get around ssl, so that doesn't help you. Don't do stuff on wifi point's you haven't personally hardened with static arp and wpa2 as well as mac filtering.

What many have not mentioned, is that Firesheep also works with wired Ethernet. If one can monitor packets going through an Ethernet network, like in a hotel. Firesheep will also work for grabbing session cookies from hotel Ethernet networks. Basically hotel Ethernet is not any more secure than open or WEP secured WiFi.

Is there an Add-on for google chrome similar to force tls? Firefox caused my system to crash several times.

Thanks for sharing your knowledge Sam, it was a very clear explanation

@yxamyxam you are very welcome.

Are you from Wisconsin?

There are different kinds of cookies... Firesheep target session cookies which are only active when u are communicating with a website such as facebook. As soon ad you log out the session is ended .. Firesheep can no longer use those cookies cos u logged out

wat about protecting ur mobile browsing on a smart phone running android is there a way besides not using wifi lol?

can you session still be hijacked even if you log out?

@esepablo19 no because you kill the session thats what logging out does

does firesheep also work on private wifi

STEAL YOU COOKIES.

I don't even see an extension called Firesheep. Just a theme.

@SBPStudio Firefox doesn't publish this extension in its catalogs. You need to go download and install

if i use google chrome can someone still see what im doing??? or is it only firefox2firefox??

@importspeed9161981 it doesn't matter what you use, they can still see your web traffic when you use an open network.

@mooserman911

Oh, but can it sniff cookies from networks with AES or WPA2 ??? :P

XD

Answer: No it cant-

and in the odd case they're already able to get onto a network like that - other users STILL are envrypted by the network

SO if you set up your router, give it a password, then tell yourself and me the password and i go on FB, you wont be getting it despite being able to "access the network"

@tippership I believe you misunderstand WPA2-Personal encryption and have confused it with WPA2-Enterprise. Only Enterprise encrypts each user on the wireless router individually. Therefore, if I have the key to get onto the WPA2 network I also have ALL traffic upon the network unencrypted.

Now, if they are using TLS that is not going to be unencrypted of course, but Firesheep works fine over WPA2 encrypted wireless. If one doesn't have the key, well that's one more step but not that difficult

@tippership Yep and that is what people should use at thier house.

@importspeed9161981 every browser uses session cookies.

no one is stealing my cookies or i will cry :)

@samyalley where can we find the firesheep addon? O_o I'm from Macedonia, a bit far from every other place on Earth so... no worries about me abusing it xD

other than than GREAT VIDEO

@gomadzevik here.. nosecare.110mb.com/download/fi­resheep-0.1-1.xpi

No virus!

Why your OS is at 2009 ? Did you make this video year ago? =P

@Dexu666 i am a fortune teller, i knew about firesheep even before it was made . Just kidding my clock was just jacked up.

Hi, i was able to install the firesheep addon into the firefox, but when i click on the start capturing button, an error is throw, which reads ---> \\Device\\NPF_GenericDailupAda­pter: Error opening adapter: The system cannot find te device specified.(20)

How do i fix this issue???? plz help

Hi, i was able to install the firesheep addon into the firefox, but when i click on the start capturing button, an error is throw, which reads ---> \\Device\\NPF_GenericDailupAda­pter: Error opening adapter: The system cannot find te device specified.(20)

How do i fix this issue???? plz help

Great video, showing everything in an easy way.