[ad name=”postsqrRight”]FireSheep has kicked up one hell of a storm since it was announced, and has made what was once reserved for the hard core geeks easily accessible to everyone, now anyone with 5 minutes can access the social networks and website accounts of the majority of people on the local network or wifi, particularly dangerous when you surf in you’re favourite hot spot.
So now I will tell you how you can install and use this clever (and scary) little add-on for FireFox and “test your security”.
1. Check you have the correct version of FireFox.
To install this plugin you must be running FireFox version 3.6.12 or newer, if you are not already running the latest version you will need to update FireFox before continuing.
2. Install Winpcap (Windows Only)
Because windows doesn’t include raw sockets which enable this add-on to sniff the network you will need to install winpcap first.
You can download winpcap here, follow the installer as normal.
3. Download FireSheep XPI
To download the XPI FireSheep Add-on head over to GitHub and save it to your desktop.
4. Install FireSheep in FireFox
Open FireFox, and click Tools –> Add-ons.
Now simply drag the .XPI FireSheep file you downloaded previously into the Add-ons dialog box.
This should then proceed to the install dialog (as shown on the right)
Once the Install button has activated click to install when the installation has completed you will be prompted to restart FireFox – Do it.
5. Using FireSheep
To use FireSheep click View –> Sidebar and select FireSheep to display the FireSheep sidebar.
To start capturing session cookies click the “Start capturing” button and you are away and FireSheep will now begin sniffing for sessions on the network or Open Wifi point.
You can now simply double-click on the users/websites which appear the the sidebar and the stolen session cookies will let you login as that person.
Obligatory legal note: While it is NOT illegal to download, install and use this add-on it IS illegal to use it to gain unauthorised access to other people’s accounts and/or information. If you do it, on your head be it.
Share the love. Retweet & Digg this!