How can you protect yourself from session hijacking with Firesheep?


Discussion Overview

The discussion revolves around the topic of session hijacking, specifically in the context of using the Firesheep plugin on public wireless networks. Participants explore methods of protecting oneself from such attacks, the mechanics of how Firesheep operates, and the implications of using encrypted connections.

Discussion Character

  • Exploratory
  • Technical explanation
  • Debate/contested

Main Points Raised

  • Some participants express concern about the ease of session hijacking through tools like Firesheep on public WLANs.
  • It is suggested that avoiding unencrypted sites and using WPA2 encryption can enhance security.
  • Questions are raised about how Firesheep monitors connections and whether encrypted wireless access points can still be compromised.
  • One participant mentions a friend using a program called Blacksheep to detect Firesheep users, though it may not provide protection.
  • There are discussions about the importance of using HTTPS for secure connections, with some noting that Facebook may redirect users from HTTPS to HTTP.
  • Concerns are raised about potential man-in-the-middle attacks, including ARP spoofing and SSL stripping, which can compromise HTTPS connections.

Areas of Agreement / Disagreement

Participants generally agree on the risks associated with using public WLANs and the importance of encryption, but there are multiple competing views on the effectiveness of different protective measures and the behavior of specific websites regarding HTTPS.

Contextual Notes

Some participants reference external sources for further understanding, indicating that there may be limitations in their explanations or assumptions about the audience's prior knowledge.

DrZoidberg
Hi,
I read about Firesheep, a Firefox plugin that allows you to log into other people's accounts (Twitter, Facebook, etc.). It's called session hijacking.
So now that every 12 year old is able to connect to a public WLAN hotspot and log into other people's accounts, I wonder how you can protect yourself from it.
How is it even possible? IP packets sent from one computer in a WLAN network to e.g. Facebook will go to the router and from there into the internet, but all the other computers in the same WLAN network should not even see those IP packets, should they? Is a WLAN router actually sending each IP packet to ALL the computers in the network? Is it possible to prevent this?
 
Don't use unencrypted sites/login pages. Duh?

Alternatively, only sign into networks that use WPA2 encryption.
 
Yes I know, but that is not always possible.
Do you know how Firesheep manages to monitor the connection between my computer and some website?
 
DrZoidberg said:
Yes I know, but that is not always possible.

But it is possible to avoid non-encrypted websites and non-secured wireless access points.

Do you know how Firesheep manages to monitor the connection between my computer and some website?

Look up http://netsecurity.about.com/cs/hackertools/a/aa121403.htm. In a wireless network you are sending your packets to the access point via RF. Anyone with an antenna and the proper software (like Firesheep) can intercept those packets.
 
Thanks,
But I still have more questions.
If I use an encrypted wireless access point, other people on the same network will also have the key. Could any of them still intercept my packets?
 
DrZoidberg said:
If I use an encrypted wireless access point, other people on the same network will also have the key. Could any of them still intercept my packets?

That question was answered in the link I posted. Please do some of your own research.
 
I have a CS major friend who has been playing around with Firesheep and he has been attacking Firesheep users with a similar program called Blacksheep. At the least, it will tell you if others on the same network are using Firesheep. I don't know that it provides any protection. He used it as a starting point in a security experiment they were doing. Interesting stuff, way over my head though.
 
Just when you go to Facebook, don't type just facebook.com, type https://www.facebook.com.
That'll make it so you automatically use their encrypted login. There are lots of add-ons for browsers out there that do this automatically for you for most sites that allow it.
 
I'll comment on Facebook -- they really do not like you to use https (https is encrypted, http is not), in my experience.

If you just try going to https://www.facebook.com, it seems to try and redirect you back to http://www.facebook.com.

The only way I have found to get around this is by using a browser plugin. I'm sure there's one for Firefox, but for Chrome it's called "Facebook Secure Connection (Force Https SSL)".

If you're using https, however, they disable chat for you. How nice of them :)

On the original topic:

When browsing a web page using wifi, there are two likely scenarios in terms of having an encrypted connection:

1) Encrypted wifi
2) https

You are correct in saying that someone else can intercept your traffic if they have the encryption key for the network you're on -- or it's unencrypted.

However, if you're on any wireless connection other than your own, or it's not secured with at least WPA, then assume that they can intercept your packets.

Https encrypts information between the server and your computer, and, as far as I know, has not been broken yet (unlike WEP). Therefore, even if they can intercept your packets over wifi, they still can't decrypt your https traffic.

However, they can still tell what server you're accessing, unless you're using an encrypted proxy.

In other words:

Make sure the important sites you are accessing are using https when you are on insecure wifi.

If you don't want them to even know what site you're looking at, then you'll need to use an encrypted proxy. They can still find out you're using a proxy, however (and the proxy could record the sites you are accessing).
 
Also, don't accept new certificates. ARP spoofing and sslstrip can give you the impression you are still on an https connection; however, it's actually a man-in-the-middle attack and the MITM is forwarding your information to the actual server.
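
As an added example (not part of any post in this thread): a site operator can check its own response headers for the exposures the last two posts describe, namely an https-to-http redirect, a session cookie that also travels over plain http, and no HSTS policy to keep the browser on https against an sslstrip-style downgrade. It assumes the session is carried in a cookie; the host, cookie name and response heads are constructed sample data.

```python
from urllib.parse import urlsplit

# Constructed sample response heads; host and cookie names are made up.
DOWNGRADE = """HTTP/1.1 302 Found
Location: http://www.example.test/home
Set-Cookie: session=abc123; Path=/; HttpOnly
"""
HARDENED = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly
"""
PLAIN = """HTTP/1.1 200 OK
Set-Cookie: session=abc123; Path=/
"""

def parse_head(raw):
    """Split a raw response head into (status, [(lowercased name, value)])."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def audit(url, raw):
    """List the ways this response leaves the session readable or downgradable."""
    scheme = urlsplit(url).scheme
    status, headers = parse_head(raw)
    findings = []
    for name, value in headers:
        if name == "location" and scheme == "https" and 300 <= status < 400:
            if urlsplit(value).scheme == "http":
                findings.append("downgrade-redirect")  # https -> http
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0]
            attrs = {a.strip().lower() for a in value.split(";")[1:]}
            if scheme == "http":
                findings.append(f"cookie-sent-in-clear:{cookie}")
            elif "secure" not in attrs:
                findings.append(f"cookie-missing-secure:{cookie}")
    if scheme == "https" and all(n != "strict-transport-security" for n, _ in headers):
        findings.append("no-hsts")  # nothing pins the browser to https
    return findings

if __name__ == "__main__":
    for url, raw in [("https://www.example.test/", DOWNGRADE),
                     ("https://www.example.test/", HARDENED),
                     ("http://www.example.test/home", PLAIN)]:
        print(url, audit(url, raw) or "ok")
```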
 
