Skip to main content

BlackSheep: A tool to detect Firesheep

Remember Firesheep - the Firefox extension that makes it easy to steal user logins and take over social media sites and email accounts when users log in through unsecured WiFi hotspot? Although the intention of the developers were philanthropic, the temptation for people to use it for nefarious purposes is too great. Take into the account the huge number of downloads of the addon, and we have got a real threat.

The researchers at Zscaler have created a free Firefox plugin called BlackSheep to help police the situation. BlackSheep warns users if someone is using Firesheep on their network and also indicates the IP address of the machine that is spying on you.

blacksheep-warning

BlackSheep detects Firesheep by making HTTP requests to the affected sites using fake cookie values, then listens to all HTTP requests on the network to detect if somebody else is using the same fake values.

FireSheep listens to the HTTP traffic on port 80. When it identifies a transaction to a known site (Facebook, Google, Yahoo!, etc.), it looks for specific cookie values which are then used to identify a specific user. This phase of the attack cannot be detected as it is done passively.

When FireSheep identifies a user session, it then makes a request to the same site using the user's cookie values in order to retrieve user information such as their name, picture, etc. This active network activity is however visible to others on the local network.

BlackSheep detects the active connection made by Firesheep. It does this by making HTTP requests to random sites handled by FireSheep every 5 minutes (configurable) with fake values. BlackSheep then listens to all HTTP requests on the network to detect if somebody else is using the same fake values.

Since BlackSheep is based on the FireSheep source code, you have to uninstall Firesheep before you install BlackSheep, otherwise BlackSheep will detect that you are using FireSheep.

Related: Protect yourself and others from Firesheep with FireShepherd

Labels:

Comments

Post a Comment

Popular posts from this blog

How to Record CPU and Memory Usage Over Time in Windows?

Whenever the computer is lagging or some application is taking too long to respond, we usually fire up task manager and look under the Performance tab or under Processes to check on processor utilization or the amount of free memory available. The task manager is ideal for real-time analysis of CPU and memory utilization. It even displays a short history of CPU utilization in the form of a graph. You get a small time-window, about 30 seconds or so, depending on how large the viewing area is.
17 comments
Read more

How to Schedule Changes to Your Facebook Page Cover Photo

Facebook’s current layout, the so called Timeline, features a prominent, large cover photo that some people are using in a lot of different creative ways. Timeline is also available for Facebook Pages that people can use to promote their website or business or event. Although you can change the cover photo as often as you like, it’s meant to be static – something which you design and leave it for at least a few weeks or months like a redesigned website. However, there are times when you may want to change the cover photo frequently and periodically to match event dates or some special promotion that you are running or plan to run. So, here is how you can do that.
1 comment
Read more

Diagram 101: Different Types of Diagrams and When To Use Them

Diagrams are a great way to visualize information and convey meaning. The problem is that there’s too many different types of diagrams, so it can be hard to know which ones you should use in any given situation. To help you out, we’ve created this diagram that lays out the 7 most common types of diagrams and when they’re best used:
Post a Comment
Read more