When you are connected to a web application it is mostly a dynamic web application you will have a unique id called the session id which identifies you as the valid user of the web site.
The id will be valid until you logout of the session if some how the hacker got the session id they will get access to the session and access your account.
This can be achieved by software called the FireSheep
2. Sit on a unencrypted wireless network
3. Turn on your wireless card(support promiscious mode, such as : atheros, orinocco, etc) and join the network
4. Start capturing with firesheep
5. Just wait until some user authenticate at the facebook, twitter, etc.
Step by Step Firesheep Configuration
1. The picture below is the interface of firesheep(click view –> sidebar –> firesheep) and you can click the red circle for preferences
2. In this picture you should choose which interface you want to capture the data. for example when you’re in a wireless network, you should activate the wireless adapter.
3. This picture below tells you which website session can hijacked handle by this addons,
4. Usually when capturing data, will use TCP port 80, because if it’s 443 I think will be encrypted, but I still didn’t try for another port :-).
5. When you finish, click the “Start Capturing” and wait until someone authenticate some website on the website list.
1. You can use Blacksheep,
2. You can tunnel your internet connection,
3. Don’t use “Remember Me” feature in public internet area(Hotspot), and logout after you finish use the internet.
Take your time to comment on this article.