Here is how to hijack a session using Firesheep

https://codingsec.net/2016/08/hijack-session-using-firesheep/

When you are connected to a web application (in most cases a dynamic web application), you are given a unique ID called the session ID, which identifies you as a valid user of the website.

The ID stays valid until you log out of the session. If an attacker somehow obtains the session ID, they gain access to the session and to your account.

This can be achieved with software called Firesheep.

1. Download Firesheep

2. Sit on an unencrypted wireless network

3. Turn on your wireless card (it must support promiscuous mode, such as Atheros, Orinoco, etc.) and join the network

4. Start capturing with Firesheep

5. Just wait until some user authenticates to Facebook, Twitter, etc.

Step by Step Firesheep Configuration

1. The picture below shows the Firesheep interface (click View –> Sidebar –> Firesheep); you can click the red circle for preferences.

[Image: firesheep1]

2. In this picture, choose the interface on which you want to capture data. For example, when you’re on a wireless network, activate the wireless adapter.

[Image: firesheep2]

3. The picture below shows which websites’ sessions this add-on can handle.

4. Usually, data is captured on TCP port 80, because on port 443 I think it will be encrypted; I still haven’t tried any other port :-).

[Image: firesheep4]

5. When you finish, click “Start Capturing” and wait until someone authenticates to one of the websites on the list.

Prevention:

1. You can use BlackSheep.

2. You can tunnel your Internet connection.

3. Don’t use the “Remember Me” feature on public Internet access (hotspots), and log out after you finish using the Internet.
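
The port 80 point in step 4 is what exposes a session ID: a session cookie issued or sent over plain HTTP can be read by anyone capturing on the same open network. The following is an added example, not part of the original article, that a site owner can use to audit response headers for session cookies exposed this way; the cookie-name heuristic, the finding labels and the sample headers are assumptions constructed for illustration.

```python
# Added example, not from the original article. Header values are constructed.
SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumed cookie-name heuristic


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, lower-cased attributes)."""
    first, *rest = [p.strip() for p in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(scheme, headers):
    """Return (cookie, finding) pairs for one response.

    scheme: "http" or "https"; headers: list of (name, value) pairs.
    """
    findings = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # not a session-like cookie
        if scheme == "http":
            findings.append((name, "PLAIN_HTTP"))  # issued in cleartext on port 80
        elif "secure" not in attrs:
            findings.append((name, "NO_SECURE"))   # browser also sends it over HTTP
        if "max-age" in attrs or "expires" in attrs:
            findings.append((name, "PERSISTENT"))  # outlives the browser session
    hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    if scheme == "https" and not hsts:
        findings.append(("(response)", "NO_HSTS"))  # plain-HTTP requests still allowed
    return findings


SAMPLE_RESPONSES = [  # constructed sample data
    ("http", [("Set-Cookie", "PHPSESSID=abc123; Path=/")]),
    ("https", [("Set-Cookie", "sessionid=xyz; Path=/; HttpOnly; Max-Age=1209600")]),
    ("https", [("Strict-Transport-Security", "max-age=31536000"),
               ("Set-Cookie", "sessionid=xyz; Path=/; Secure; HttpOnly"),
               ("Set-Cookie", "theme=dark; Path=/")]),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLE_RESPONSES:
        print(scheme, audit_response(scheme, headers))
```

Only the third sample response comes back clean: its session cookie carries `Secure` and the response sets HSTS, so the session ID never travels on port 80.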
