How To: Install and Use Firesheep

This is the second post of a two-part feature on how to obtain information on a WEP-enabled wireless network. We’ve already discussed how to crack a WEP key. This post shows how to gather information using a Firefox add-on called Firesheep.

 

Disclaimer: I do not care what you do with this information. Who am I to tell you what to do with something you’ve learned? It is your decision to use this information ethically or unethically. Just know that stealing private information is illegal.

It’s likely you’ve heard of Firesheep by now. It’s been written about in Forbes, PCWorld, and ZDNet just to name a few. There have been 746,845 Firesheep downloads as of this writing. But I’m sure there are still a few of you who only use the Internet for Facebook and Gmail and haven’t heard of it. That’s alright, but there are some things you should know especially if you’re using either of those two aforementioned sites.

About Firesheep

Firesheep is a Firefox add-on that listens to traffic over a wireless network. Specifically, Firesheep looks for cookies on the network. It does not show passwords, because websites like Facebook and Twitter encrypt passwords. Firesheep just allows you to do everything as if you had the password. It works on open wireless networks and WEP-enabled wireless networks. Check out my How To on cracking WEP keys here.

So let’s say you go to Facebook.com. You enter in your email address and password and click Login. Facebook then stores an identifier (a cookie) on your computer and uses it throughout your session so it knows that you are – well, you. This is where Firesheep comes into play. Firesheep copies that cookie and uses it to log on to your Facebook (or whichever service) account.

Here’s a good analogy: Let’s say you’re trying to get into a club (WiFi network). The big bouncer (Facebook, Twitter, etc.) has a list of VIPs that are only allowed in. The only way for the bouncer to allow you in is if you show a valid ID (cookie). You show your ID (username and password) and are allowed in because your ID matches a name on the list. Once you’re in the club you grab yourself a drink and socialize. What you don’t notice is some creepy, weird looking guy with a trench coat and sunglasses (who wears sunglasses in a night club? This guy does).

This guy is Firesheep. He’s been stalking you for a while and somehow got into this club. Who knows how he got in. All that matters is that he wants to copy your ID so he can go to other clubs and pretend to be you. So you go to the bar to start a tab and leave your ID and credit card with the bartender. After you get your drink and head back to the dance floor, Firesheep creeps over to the bar and swipes your ID, takes pictures of it, and heads out the door. He uses these photos to duplicate your ID and get into other clubs.

How to Install Firesheep

Firesheep is very easy to install and use. That was Eric Butler’s intent. Eric developed Firesheep to point out how easy it is for someone to hack into user accounts using cookies. “Hopefully sites like Facebook and Twitter will see this and decide that protecting user privacy is a priority for them”, Butler said. Let’s start with installing Firesheep.

One

Head over to Butler’s Github page and download Firesheep for your OS. Be sure to also install WinPcap if you’re using a Windows machine. WinPcap captures the network traffic that Firesheep is looking for.

Two

Locate the .xpi file you downloaded and right click (OS X users: Ctrl+click) on it. Open the file with Firefox. Firefox will warn you to trust the author of the add-on. Just click Install Now. Once it’s installed restart Firefox.

Three

Now that we’ve installed Firesheep, go to View on Firefox’s menu bar. Click Sidebar and then click Firesheep. Firesheep will now load in Firefox on the left side. Just click the Start Capturing button and wait. Depending on whether anyone is using any of the sites supported by Firesheep, user information may appear in the sidebar (as seen to the right).

And that’s it. Pretty easy, eh?

Conclusion

Firesheep is a little terrifying and really intriguing at the same time. There are tools to counteract Firesheep such as BlackSheep, HTTPS Everywhere, and Force-TLS. So if you’re paranoid about someone using Firesheep on your network, you can use those tools to help thwart any potential thieves. Even if you do decide to use those tools, you should always know who is on your network. And if you don’t know who is on your wireless network, it’s likely due to little or no encryption. I highly suggest using WPA or WPA2 encryption instead of WEP encryption or especially (cringes) leaving it open. Find out why you shouldn’t use WEP encryption (and how easily you can crack it) in my previous post.
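For site owners, the matching server-side check is whether session cookies can ever leave the browser over plain HTTP. The following is an added example, not code from Firesheep or from this post: it audits response headers for session cookies missing the `Secure` attribute and for a missing `Strict-Transport-Security` header. The sample headers are constructed, and the `SESSION_HINTS` name list is an assumed heuristic.

```python
from http.cookies import SimpleCookie

# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = {
    "weak": [
        ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "lang=en; Path=/"),
    ],
    "hardened": [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
        ("Set-Cookie", "lang=en; Path=/"),
    ],
}

# Assumed heuristic: cookie names that usually carry login state.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def hsts_max_age(values):
    """Return the max-age from HSTS header values, or 0 if absent or invalid."""
    for value in values:
        for part in value.split(";"):
            key, _, val = part.strip().partition("=")
            if key.lower() == "max-age" and val.strip('"').isdigit():
                return int(val.strip('"'))
    return 0


def audit_headers(headers):
    """Return findings for one response given as (name, value) header pairs."""
    findings = []
    hsts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not hsts_max_age(hsts):  # missing header or max-age=0 both leave HTTP open
        findings.append("no HSTS: browser may still send requests over plain HTTP")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cname, morsel in jar.items():
            is_session = any(h in cname.lower() for h in SESSION_HINTS)
            if is_session and not morsel["secure"]:
                findings.append(f"cookie {cname!r} lacks Secure: readable on plain HTTP")
    return findings


if __name__ == "__main__":
    for label, headers in SAMPLE_RESPONSES.items():
        print(label, audit_headers(headers) or "ok")
```

The `lang` cookie is ignored in both cases because it carries no login state; only a session cookie without `Secure` is reported.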

I’m trying to pull together a list of websites that Firesheep works with. Here’s what I have so far:

  1. Facebook
  2. Twitter
  3. Foursquare
  4. Yelp
  5. Gowalla
  6. New York Times
  7. Yahoo!
  8. eBay
  9. Gmail
  10. Amazon
  11. YouTube
  12. Tumblr
  13. Flickr

If you know of any more sites, post them in the comments. Did your Firesheep install go well? Are you frustrated beyond belief that something like this exists? Are you even more frustrated that Facebook and Tumblr, etc. still haven’t done anything about this? Let us know in the comments.

Patrick is the founder and editor-in-chief of pinglio. He works as a system administrator and studied at the University of Illinois at Chicago. He currently lives in Chicago with his girlfriend and two dogs.
  • http://twitter.com/ChiJake8907 Jake Johnson

    this has to be illegal..but time for some fun. :) good post pat

  • Kye

    Hey, quite old post but I’m trying this for the first time now. I just logged in yahoo on IE and it came up on firefox. When I click my name on firefox though (to get into the captured yahoo) It takes me to the login page.. any help?   

       thanks

    • http://www.pinglio.com Patrick Bisch

      A lot of these services have implemented secure browsing since Firesheep was released. It’s possible (but a guess) that the cookie you’re using is encrypted with SSL/TLS.

  • KayLengzhai

    Is it just limited to firefox 5?

  • Ian

    i tried it and it said that it was an invalid interface
     

  • Bigjkenyon

    Firesheep is not compatible with firefox 8.0?

  • Nick

    its when i download it i cant “open it with firefox” what do u mean .xpi do i unzip it?

  • Cody

    So I downloaded everything correctly, but it still isn’t working. When i click the “Start Capturing” button, it isn’t capturing anything even though a Facebook page is open on another laptop using the same wireless connection. I am currently using Firefox 3.6.17. Have you heard of anything like this?

    • winnie

      got the same problem but dont know how to solve it :((

      • me

        same happened to me

        • Tijsticles

          If you’re on a WPA network or a WPA2, it won’t work. Also possible that everyone is on private browsing or https.

  • Missstarbucks

    Does firesheep not work on Firefox version 3.6.25? I followed your steps but when I pressed the start capturing button…nothing happened.

    • America

      mine is not working either. Someone please help

  • Gemsp68

    could not get it to work on 3.0, 3.6.17, 8.0, 10.0.2

  • Sulayman

    ah, it says “FAILED TO SET HARDWARE FILTER TO PROMISCUOUS MODE”

  • Erroldebeer01

    This XML file does not appear to have any style information associated with it. The document tree is shown below.
    This is the answer I get when I try to install the .xpi file. I’m using windows 7???
    Any ideas?

  • Sathyaramkumar G

    Thank you very much for this information

  • SP Magoffin

    Working on the Firefox 14 alpha release. You need to compile it yourself, the pre-built version is version 0.1, the latest release is 1.5.

  • http://twitter.com/Nouf_Elf Nouf

    hello ~

    I did all the steps well but I don’t know why when the firefox restarts after installing firesheep I can’t find «Firesheep» when I go to View -> Sidebar -> there are only Bookmarks and History :(

    plus that I used Firefox 3.6.28

    REPLY PLEASE !!!!!!

  • Carl

    Hi, please, i can’t find some safe firesheep, can u help me?

  • Godel Fishbreath

    I dragged the file over to firefox and got that Firesheep is not compatible with Firefox 17.0.1. And it would not load with either 17 or the previous (before upgrade) version 14.

    So help, how to update?
    And do you have a linux compatible version?

    • vinay reddy

      no only works below 4x version try it its working for me

  • Godel Fishbreath

    Alternately tell me what to do to compile or update Firesheep.

  • firesheepp

    Here is the link to use firesheep in any firefox

    http://www.filefactory.com/f/887dfb1bff3dae3d

  • firesheep

    Use firesheep in any firefox heres the link

    http://www.filefactory.com/f/887dfb1bff3dae3d

  • Sarah

    hey wanna hack facebooks and much more download this app it comes with its own firesheep here’s the linkkk :) http://www.filefactory.com/file/2ys2xcwwi4op/firesheep.zip

  • Someone who downloaded it :(

    =========================================
    WARNING
    =========================================
    (Kind Advice) Please don’t click on the “Here is the link to use firesheep in any firefox” link.
    It contains a virus that messes with your pc.