gveloper asked:

This demo shows the powerful new security (hacking) tool called FireSheep and explains how it can be used to perform http session hijacking (sidejacking) attacks against you and steal your logged in sessions on popular websites. Please note this is not a security risk caused by FireSheep, the tool is just pointing out a flaw we have all been needing to deal with for some time, and also note that we don’t think this can be fixed except by the web application developers and admins, and we do believe that this app and its author, Mr Eric Butler, may have changed the face of web application security forever. Note that we don’t claim to be the world’s foremost experts on the topic, but hopefully this video is helpful in understanding the threat. Also note that although the video was made on a mac, all client operating systems and all client browsers are affected.

Share →

11 Responses to FireSheep and HTTP Session Hijacking Explained

  1. kaltoftmorten says:

    @PremiumZero No because they are always SSL-encrypted

  2. pspheaven says:

    @davidkris Sadly all you need is a tool called sslstrip and boom… no more ssl

  3. pspheaven says:

    @DTbox Your’e an idiot, firesheep works great, its legal, and the download is easy to get…

  4. Hurvduperv says:


  5. masiewpao says:

    @DTbox your an idiot. or not.

  6. masiewpao says:

    @DTbox your an idiot.

  7. AndrewMacedonia says:

    if you need help with firesheep go to my youtube and on my videos i made a very easy to follow tutorial in how to use firesheep

  8. DTbox says:

    Ladies and gentlemen, I believe that you’ve been set up. Think about it, I.T. media outlets provided the download link and now suddenly Firesheep can’t be found anywhere on the Internet for download or the download won’t work. I know that successful downloads are being tracked, THERE IS NO SOFTWARE TO HACK SOCIAL NETWORKING SITES!!!!

  9. PremiumZero says:

    Does this work on bank sites?

  10. gveloper says:

    Thanks, we will check it out. And if anyone has any more ideas to mitigate this threat, please comment here or in our forums! Lets get the community talking.

  11. davidkris says:

    It’s great that you are helping with awareness! An option for protection is getCocoon (dot) com it provides secure SSL encryption in a firefox plug-in. It’s in beta and free – we’re trying to spread the word. Any help appreciated greatly!

    Thanks! DavidKris

Leave a Reply

Your email address will not be published. Required fields are marked *

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop us a note so we can take care of it!

Set your Twitter account name in your settings to use the TwitterBar Section.