How To: Install and Use Firesheep

This is the second post of a two-part feature on how to obtain information on a WEP enabled wireless network. We’ve already discussed how to crack a WEP key. Now this post will show how to gather information using a Firefox Add-on called Firesheep.

Disclaimer: I do not care what you do with this information. Who am I to tell you what to do with something you’ve learned? It is your decision to use this information ethically or unethically. Just know that stealing private information is illegal.

It’s likely you’ve heard of Firesheep by now. It’s been written about in Forbes, PCWorld, and ZDNet just to name a few. There have been 746,845 Firesheep downloads as of this writing. But I’m sure there are still a few of you who only use the Internet for Facebook and Gmail and haven’t heard of it. That’s alright, but there are some things you should know especially if you’re using either of those two aforementioned sites.

About Firesheep

Firesheep is a Firefox add-on that listens to traffic over a wireless network. Specifically Firesheep looks for cookies on a network. It does not show passwords. Websites like Facebook and Twitter encrypt passwords. Firesheep just allows you to do everything as if you have the password. It works on open wireless networks and WEP-enabled wireless networks. Check out my How To on cracking WEP keys here.

So let’s say you go to Facebook.com. You enter in your email address and password and click Login. Facebook then stores an identifier (a cookie) on your computer and uses it throughout your session so it knows that you are – well, you. This is where Firesheep comes into play. Firesheep copies that cookie and uses it to log on to your Facebook (or whichever service) account.

Here’s a good analogy: Let’s say you’re trying to get into a club (WiFi network). The big bouncer (Facebook, Twitter, etc.) has a list of VIPs that are only allowed in. The only way for the bouncer to allow you in is if you show a valid ID (cookie). You show your ID (username and password) and are allowed in because your ID matches a name on the list. Once you’re in the club you grab yourself a drink and socialize. What you don’t notice is some creepy, weird looking guy with a trench coat and sunglasses (who wears sunglasses in a night club? This guy does).

This guy is Firesheep. He’s been stalking you for a while and somehow got into this club. Who knows how he got in. All that matter is that he wants to copy your ID so he can go to other clubs and pretend to be you. So you go to the bar to start a tab and leave your ID and credit card with the bartender. After you get your drink and head back to the dance floor, Firesheep creeps over to bar and swipes your ID, takes pictures of it, and heads out the door. He uses these photos to duplicate your ID and get into other clubs.

How to Install Firesheep

Firesheep is very easy to install and use. That was Eric Butler’s intent. Eric developed Firesheep to point out how easy it is for someone to hack into user accounts using cookies. “Hopefully sites like Facebook and Twitter will see this and decide that protecting user privacy is a priority for them”, Butler said. Let’s start with installing Firesheep.

One

Head over to Butler’s Github page and download Firesheep for your OS. Be sure to also install WinPcap if you’re using a Windows machine. WinPcap captures the network traffic that Firesheep is looking for.

Two

Locate the .xpi file you downloaded and right click (OS X users: Ctrl+click) on it. Open the file with Firefox. Firefox will warn you to trust the author of the add-on. Just click Install Now. Once it’s installed restart Firefox.

Three

Now that we’ve installed Firesheep, go to View on Firefox’s menu bar. Click Sidebar and then click Firesheep. Firesheep will now load in Firefox on the left side. Just click the Start Capturing button and wait. Depending if anyone is using any of the sites supported by Firesheep, user information may appear in the sidebar (as seen to the right).

And that’s it. Pretty easy, eh?

Conclusion

Firesheep is a little terrifying and really intriguing at the same time. There are tools to counteract Firesheep such as BlackSheep, HTTPS Everywhere, and Force-TLS. So if you’re paranoid about someone using Firesheep on your network, you can use those tools to help circumvent any potential thieves. Even if you do decide to use those tools, you should always know who is on your network. And if you don’t know who is on your wireless network it’s likely due to little or no encryption. I highly suggest using WPA or WPA2 encryption instead of WEP encryption or especially (cringes) leaving it open. Find out why you shouldn’t use WEP encryption (and how easily you can crack it) in my previous post.

I’m trying to pull together a list of websites that Firesheep works with. Here’s what I have so far:

Facebook
Twitter
Foursquare
Yelp
Gowalla
New York Times
Yahoo!
eBay
Gmail
Amazon
YouTube
Tumblr
Flickr

If you know of any more sites, post them in the comments. Did your Firesheep install go well? Are you frustrated beyond belief that something like this exists? Are you even more frustrated that Facebook and Tumblr, etc. still haven’t done anything about this? Let us know in the comments.

Patrick Bisch

Patrick is the founder and editor-in-chief of pinglio. He works as a system administrator and studied at the University of Illinois at Chicago. He currently lives in Chicago with his girlfriend and two dogs.

http://twitter.com/ChiJake8907 Jake Johnson

this has to be illegal..but time for some fun. good post pat
http://twitter.com/ChiJake8907 Jake Johnson

this has to be illegal..but time for some fun. good post pat
Pingback: How To: Install and Use Firesheep | pinglio | Supreme Hacking
Kye

Hey, quite old post but I’m trying this for the first time now. I just logged in yahoo on IE and it came up on firefox. When I click my name on firefox though (to get into the captured yahoo) It takes me to the login page.. any help?

thanks

http://www.pinglio.com Patrick Bisch

A lot of these services have implemented secure browsing since Firesheep was released. It’s possible (but a guess) that the cookie you’re using is encrypted with SSL/TLS.

KayLengzhai

Is it just limited to firefox 5?
Ian

i tried it and it said that it was an invalid interface
Bigjkenyon

Firesheep is not compatible with firefox 8.0?

http://www.pinglio.com Patrick Bisch

It appears that way. If you want to use Firesheep, you can always install an older version of Firefox: http://releases.mozilla.org/pub/mozilla.org/firefox/releases/

Nick

its when i download it i cant “open it with firefox” what do u mean .xpi do i unzip it?

http://www.pinglio.com Patrick Bisch

No unzipping necessary. You can find the .xpi file on Butler’s Github page: https://github.com/codebutler/firesheep/downloads

Just right click the file and choose open with Firefox (in Windows).

Cody

So I downloaded everything correctly, but it still isn’t working. When i click the “Start Capturing” button, it isn’t capturing anything even though a Facebook page is open on another laptop using the same wireless connection. I am currently using Firefox 3.6.17. Have you heard of anything like this?
Missstarbucks

Does firesheep not work on Firefox version 3.6.25? I followed your steps but when I pressed the start capturing button…nothing happened.

America

mine is not working either. Someone please help

Gemsp68

could not get it to work on 3.0, 3.6.17, 8.0, 10.0.2
Sulayman

ah, it says “FAILED TO SET HARDWARE FILTER TO PROMISCUOUS MODE”
Erroldebeer01

This XML file does not appear to have any style information associated with it. The document tree is shown below.
This is the answer I get when I try to install the .xpi fiel. I’m using windows 7???
Any ideas?