Tuesday, November 9, 2010

FireSheep Vs BlackSheep

Firesheep
Firesheep is a Firefox extension that demonstrates HTTP session hijacking. HTTP session hijacking (commonly known as sidejacking) exploits a common weakness: the site sends the user's session cookie over plain HTTP, so anyone who can sniff the network traffic, for example on an open wireless network, can extract the victim's session information or cookie. With that cookie, the attacker can gain access to the victim's account without needing the username or password.

I have previously blogged about sidejacking with Ferret and Hamster.

Firesheep is free, open source, and is available now for Mac OS X and Windows.



BlackSheep
BlackSheep, also a Firefox plugin, is designed to combat Firesheep. It does this by dropping 'fake' session ID information on the wire and then monitoring the traffic to see whether that fake session gets hijacked. Firesheep is largely passive, but once it identifies session information for a targeted domain it makes a subsequent request to that same domain using the hijacked session information, in order to obtain the name of the hijacked user along with a picture of the person, if available. It is this request, carrying BlackSheep's fake session ID from a machine that never legitimately held it, that BlackSheep identifies in order to detect the presence of Firesheep on the network. When Firesheep is identified, the user is shown a warning message.
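To make both mechanisms concrete, here is an added Python example, not code from Firesheep, BlackSheep or this post, that runs on constructed HTTP requests. One function harvests session cookies from sniffed requests the way a sidejacker does; the other implements BlackSheep's trick, alerting when a planted decoy cookie is presented from a host other than the one that planted it. The cookie names, hostnames and IP addresses are invented for the example; a real deployment would feed it frames from a sniffer instead of the inline sample list.

```python
"""Sidejacking and decoy-cookie detection on a shared network segment.

Added example, not Firesheep/BlackSheep code. Traffic is constructed inline
so the script runs offline; hosts, cookie names and addresses are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Cookie names a sidejacker would treat as session tokens for each site.
# These names are assumptions for the example, not lists from either extension.
SESSION_COOKIE_NAMES = {"example.com": {"sessid"}, "social.example": {"auth_token"}}


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    payload: bytes  # raw HTTP request as seen on the wire


def parse_http_request(payload: bytes) -> Optional[Tuple[str, str, Dict[str, str]]]:
    """Return (method, path, lower-cased headers) or None if this is not HTTP."""
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) != 3 or not request_line[2].startswith("HTTP/"):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return request_line[0], request_line[1], headers


def parse_cookies(header: str) -> Dict[str, str]:
    """Split a Cookie header ("a=1; b=2") into a dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def harvest_sessions(packets: List[Packet]) -> Dict[Tuple[str, str], Dict[str, str]]:
    """Sidejacker view: map (host, victim_ip) -> session cookies seen in the clear."""
    found: Dict[Tuple[str, str], Dict[str, str]] = {}
    for pkt in packets:
        req = parse_http_request(pkt.payload)
        if req is None:
            continue
        headers = req[2]
        host = headers.get("host", "").lower()
        wanted = SESSION_COOKIE_NAMES.get(host)
        if not wanted or "cookie" not in headers:
            continue
        hits = {k: v for k, v in parse_cookies(headers["cookie"]).items() if k in wanted}
        if hits:
            found.setdefault((host, pkt.src_ip), {}).update(hits)
    return found


def detect_replay(packets: List[Packet], decoys: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Defender view (BlackSheep's trick).

    decoys maps a planted decoy cookie value -> IP of the host that planted it.
    Any request presenting a decoy from a different IP is a hijacker replaying
    it; return (attacker_ip, host, decoy_value) for each such request.
    """
    alerts = []
    for pkt in packets:
        req = parse_http_request(pkt.payload)
        if req is None or "cookie" not in req[2]:
            continue
        host = req[2].get("host", "").lower()
        for value in parse_cookies(req[2]["cookie"]).values():
            planter = decoys.get(value)
            if planter is not None and planter != pkt.src_ip:
                alerts.append((pkt.src_ip, host, value))
    return alerts


def http_get(host: str, cookie: str) -> bytes:
    """Build a minimal plaintext HTTP request carrying a Cookie header."""
    return f"GET /me HTTP/1.1\r\nHost: {host}\r\nCookie: {cookie}\r\n\r\n".encode()


# Constructed capture: victim, decoy-planting defender, hijacker, and noise.
SERVER = "203.0.113.10"
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", SERVER, http_get("example.com", "sessid=abc123; lang=en")),  # victim
    Packet("10.0.0.7", SERVER, http_get("example.com", "sessid=decoy-7f3e")),       # defender plants decoy
    Packet("10.0.0.66", SERVER, http_get("example.com", "sessid=decoy-7f3e")),      # hijacker replays decoy
    Packet("10.0.0.66", SERVER, http_get("example.com", "sessid=abc123")),          # hijacker replays victim
    Packet("10.0.0.9", SERVER, b"not http at all"),                                 # unrelated traffic
]
DECOYS = {"decoy-7f3e": "10.0.0.7"}

if __name__ == "__main__":
    print("harvested:", harvest_sessions(SAMPLE_TRAFFIC))
    print("alerts:", detect_replay(SAMPLE_TRAFFIC, DECOYS))
```

The detector never alerts on the defender's own request, because the decoy is keyed to the IP that planted it; the signal is the same value appearing from a different source, which is exactly what Firesheep's follow-up lookup produces. Keying on the decoy value alone means an attacker could evade detection by not replaying it, so the decoy should look indistinguishable from a real session cookie.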



Please note that Firesheep and BlackSheep cannot be installed in the same Firefox instance, because they share much of the same code base. If you want to run both on the same machine, install them in separate Firefox profiles.
