Firesheep Download – Session Hijacking Tool For Windows

Outsmart Malicious Hackers


A huge wave has been made by this Firesheep in the mainstream media this week as it makes session hijacking a click and go procedure for Windows. It was released at Toorcon 12 and is simply a Firefox Add-on.

Firesheep Download - Session Hijacking Tool For Windows


What is Firesheep?

Stealing sessions/passwords and so on is something we’ve been able to do for a LONG time using Wireshark or Ettercap on a hub based or WiFi network running without encryption. But now with Firesheep anyone can do it, and they can do it VERY easily, which is somewhat scary. It is incredibly easy to use, download the add-on, login to a public WiFi spot and click a button…you’ll then be shown images and usernames of various people using networks such as Facebook, Twitter, Flickr, bit.ly, Google and Amazon. With a double-click on their image, you’ll be logged in as them immediately.

Firesheep is free and open source and works on Mac OS X and Windows with Linux support being promised soon. The download rate of this add-on is epic with over 320,000 downloads in 3 days.

How to Protect Against Firesheep?

I expect you already know how to protect yourself from this kind of attack, but if you don’t…use a high-quality VPN like PureVPN whenever you are on a public Wifi spot! If you don’t have VPN access or can’t be arsed to set one up just make sure you force SSL/TLS on every site you surf – but do note to protect against this attack, you have to encrypt the entire session and not just the initial authentication.

Google has a secure search option too here – https://encrypted.google.com/

You can find the slides from the Toorcon 12 presentation here:

Hey Web 2.0: Start protecting user privacy instead of pretending to


Firesheep Session Hijacking Requirements

Windows users are required to install WinPcap.

Download Firesheep to Hack Facebook

You can download Firesheep v0.1 here:

firesheep-0.1-1.xpi

Or read more here.

Posted in: Hacking Tools

, ,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


10 Responses to Firesheep Download – Session Hijacking Tool For Windows

  1. Bogwitch October 28, 2010 at 12:08 pm #

    There is no new technology in use here, it is merely a tool to allow less technologically able users to see what the rest of us have been able to see for years.

    It is raising an awareness of the need for ssl sessions for any restricted access web sites which can only be a good thing but there’s so much more than captured from unsecured network transmission mediums and users should be made aware of that, too.

    As an aside, I would hate to be in the position of providing software like this – 100,000 users, 99% of whom will have NO idea if their NIC is capable of entering monitor/promisc mode and will automatically blame the software.

    • Darknet October 29, 2010 at 7:13 am #

      Yup, like I said at the beginning of the article – the only difference is this just makes it ridiculously easy. Heh honestly I don’t think the author gives a shit about supporting the users, it’s about proving a point more than anything else.

  2. Hex November 1, 2010 at 3:16 pm #

    I am still waiting on the Linux variant, hopefully out soon, so I can demonstrate this tool to people as awareness-raising. people dont ‘get’ wireshark dumps, but a mass-frape in the University would REALLY make the lesson STICK. Naturally, I would only target friends who are already pre-warned, and not frighten the life out of poor randoms.

    Is there any easy way to ‘see’ if someone is using this on the network you are on?
    Like a firesheep detector tool?

    • Darknet November 3, 2010 at 5:20 am #

      Yah if you pull all the packets off the network you should be able to figure it out, there’s no ‘tool’ for that though.

  3. Graham November 3, 2010 at 4:20 am #

    Bogwitch,

    The problem is the ease of access. Considering we are getting more mobile as a society, making it dumb simple to hack a wireless connection is not a good thing.

  4. Tom Smith November 3, 2010 at 6:31 pm #

    Combined with sslstrip it would be a scary tool. On the other hand… a HTTP notifier (addon or extension) on HTTPS sites would be a good idea.

  5. Steve King November 25, 2010 at 5:11 pm #

    For windows system, I have yet to find a laptop (running WinXP or Win7) that would support promiscuous mode on their wifi nic (Intel wifi nic). Is this true?

    • Darknet November 27, 2010 at 9:34 am #

      Most likely yah, pretty rare to find Windows machines (and off the shelf laptop WiFi cards) that can go promiscuous.

      • Steve King November 28, 2010 at 4:53 pm #

        We know firesheep is not available for Linux machine (so far) and Windows machine rarely can do promiscuous mode, then what is the risk level?
        BTW, does anyone know of development of firesheep-like feature under Linux?

        • Bogwitch November 30, 2010 at 9:46 am #

          For my pentesting laptop, I located a suitable card that would run promiscuous mode – but I also drilled a hole in the side of the laptop to fit a jack for a directional antenna and as you say, they are not standard cards.
          As for running a similar software for Linux, perhaps tcpdump? ;P