How can you protect yourself from session hijacking with firesheep?

SUMMARY

This discussion centers on protecting oneself from session hijacking, particularly through the use of the Firesheep Firefox plugin. Users are advised to avoid unencrypted websites and to utilize WPA2 encrypted wireless networks whenever possible. The conversation highlights the importance of HTTPS for secure connections, as it encrypts data between the server and the user's computer, preventing interception of sensitive information. Additionally, browser plugins like "Facebook Secure Connection (Force Https SSL)" are recommended to enforce HTTPS connections automatically.

PREREQUISITES
  • Understanding of session hijacking and its implications
  • Knowledge of WPA2 encryption standards
  • Familiarity with HTTPS and its role in web security
  • Awareness of browser plugins and their functionalities
NEXT STEPS
  • Research the functionality and installation of "Facebook Secure Connection (Force Https SSL)" for Chrome
  • Learn about the differences between HTTPS and HTTP, focusing on security features
  • Explore the concept of encrypted proxies and their use in enhancing online privacy
  • Investigate tools like Blacksheep for monitoring network security and detecting Firesheep users
USEFUL FOR

Individuals concerned about online security, web developers implementing secure connections, and anyone using public Wi-Fi networks who wants to protect their personal information from session hijacking.

DrZoidberg
Hi,
I read about Firesheep, a Firefox plugin that allows you to log into other people's accounts (Twitter, Facebook, etc). It's called session hijacking.
So now that every 12 year old is able to connect to a public WLAN hotspot and log into other people's accounts, I wonder how you can protect yourself from it.
How is it even possible? IP packets sent from one computer in a WLAN network to e.g. Facebook will go to the router and from there into the internet, but all the other computers in the same WLAN network should not even see those IP packets, should they? Is a WLAN router actually sending each IP packet to ALL the computers in the network? Is it possible to prevent this?
 
Don't use unencrypted sites/login pages. Duh?

Alternatively, only sign into networks that use WPA2 encryption.
 
Yes I know, but that is not always possible.
Do you know how firesheep manages to monitor the connection between my computer and some website?
 
DrZoidberg said:
Yes I know, but that is not always possible.

But it is possible to avoid non-encrypted websites and non-secured wireless access points.

Do you know how firesheep manages to monitor the connection between my computer and some website?

Look up http://netsecurity.about.com/cs/hackertools/a/aa121403.htm . In a wireless network you are sending your packets to the access point via RF. Anyone with an antenna and the proper software (like Firesheep) can intercept those packets.
 
Thanks,
But I still have more questions.
If I use an encrypted wireless access point, other people on the same network will also have the key. Could any of them still intercept my packets?
 
DrZoidberg said:
If I use an encrypted wireless access point, other people on the same network will also have the key. Could any of them still intercept my packets?

That question was answered in the link I posted. Please do some of your own research.
 
I have a CS major friend who has been playing around with Firesheep, and he has been attacking Firesheep users with a similar program called Blacksheep. At the least, it will tell you if others on the same network are using Firesheep. I don't know that it provides any protection. He used it as a starting point in a security experiment they were doing. Interesting stuff, way over my head though.
 
When you go to Facebook, don't type just facebook.com; type https://www.facebook.com
That'll make it so you automatically use their encrypted login. There are lots of add-ons for browsers out there that do this automatically for you for most sites that allow it.
 
I'll comment on Facebook -- they really do not like you to use https (https is encrypted, http is not), in my experience.

If you just try going to https://www.facebook.com, it seems to try and redirect you back to http://www.facebook.com.

The only way I have found to get around this is by using a browser plugin. I'm sure there's one for Firefox, but for Chrome it's called "Facebook Secure Connection (Force Https SSL)".

If you're using https, however, they disable chat for you. How nice of them :)

On the original topic:

When browsing a web page using wifi, there are two likely scenarios in terms of having an encrypted connection:

1) Encrypted wifi
2) https

You are correct in saying that someone else can intercept your traffic if they have the encryption key for the network you're on -- or it's unencrypted.

However, if you're on any wireless connection other than your own, or it's not secured with at least WPA, then assume that they can intercept your packets.

Https encrypts information between the server and your computer, and, as far as I know, has not been broken yet (unlike WEP). Therefore, even if they can intercept your packets over wifi, they still can't decrypt your https traffic.

However, they can still tell what server you're accessing, unless you're using an encrypted proxy.

In other words:

Make sure the important sites you are accessing are using https when you are on insecure wifi.

If you don't want them to even know what site you're looking at, then you'll need to use an encrypted proxy. They can still find out you're using a proxy, however (and the proxy could record the sites you are accessing).
 
Also, don't accept new certificates. ARP spoofing and sslstrip can give you the impression you are still on an https connection; however, it's actually a man-in-the-middle attack, and the MITM is forwarding your information to the actual server.
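The two defences the thread converges on are that a session cookie must never travel over plain http (the weakness Firesheep reads off the air) and that a site should force https so a downgrade like sslstrip has nothing to strip. The script below is an added example, not code from the thread or from any of the tools mentioned: it audits a raw HTTP response for exactly those two properties (Secure/HttpOnly flags on session cookies, an HSTS header, and an http-to-https redirect). The sample responses and the hostname example.test are constructed for the demonstration.

```python
# Added example: audit an HTTP response for Firesheep-style exposure.
# Checks (1) session cookies carry Secure and HttpOnly, (2) https responses
# send Strict-Transport-Security, (3) plain-http requests get redirected to
# https. The SESSION_HINTS list is a heuristic assumption, not a standard.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_response(raw: str):
    """Split a raw response into (status code, [(lower-name, value), ...])."""
    head = raw.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def cookie_findings(set_cookie: str):
    """Flag a session-looking cookie that lacks Secure or HttpOnly."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    found = []
    if any(h in name.lower() for h in SESSION_HINTS):
        if "secure" not in attrs:
            found.append(f"cookie {name}: no Secure flag, sent over plain http")
        if "httponly" not in attrs:
            found.append(f"cookie {name}: no HttpOnly flag, readable by script")
    return found


def audit(raw: str, scheme: str):
    """Return a list of findings for a response fetched over `scheme`."""
    status, headers = parse_response(raw)
    found = []
    for name, value in headers:
        if name == "set-cookie":
            found.extend(cookie_findings(value))
    if scheme == "https" and not any(n == "strict-transport-security" for n, _ in headers):
        found.append("no Strict-Transport-Security: browser can be downgraded to http")
    if scheme == "http":
        location = next((v for n, v in headers if n == "location"), "")
        if not (300 <= status < 400 and location.startswith("https://")):
            found.append("http request not redirected to https")
    return found


# Constructed sample responses (not captured from any real site).
WEAK = "HTTP/1.1 200 OK\r\nSet-Cookie: sessionid=abc123; Path=/\r\n\r\n<html>"
GOOD = ("HTTP/1.1 200 OK\r\nSet-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly\r\n"
        "Strict-Transport-Security: max-age=31536000\r\n\r\n<html>")
REDIRECT = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.test/\r\n\r\n"
```

Running `audit(WEAK, "http")` reports the unflagged session cookie and the missing redirect; `audit(GOOD, "https")` and `audit(REDIRECT, "http")` report nothing.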
 