Hacklabs has rebranded to Pure Security. Please visit our new website at https://www.pure.security for more information.
Nov 02 2010

Writing Firesheep Scripts

A lot has been written about Firesheep and whilst I have provided some commentary on it myself. There wasn't much mentioned on that it relies on specific scripts tailored for the site's in which it targets. Curious I had a quick play and wrote up a couple of scripts for some Australian Sites I have used.

NB:All of the ones I tested used HTTP for the sign in process which was the default setting, Some offered HTTPS but as an additional link to click .

It's a pretty straight forward process;

1) Identify the correct domain

2) List the cookies sent as part of the session (Normally the ones sent to you after you have authenticated)

3) Identify the section of the page in which the user name is displayed

4) modify the (identifyUser: function). For the sites I looked at it meant I had to change "this.userName   = resp.body.querySelector('changeme').innerHTML;

The changeme value above has to reference where the username value is. So for Whirlpool for example the page source snippet looks like this;

The username is referenced as the following within the script;

this.userName = resp.body.querySelector('dl.userinfo span').innerHTML;

One thing I did notice when running Firesheep was the number of third party connectors that sites were running. As these were linked from the news site I was viewing they automatically connected back over HTTP to the service.

In one example it had a bit.ly bookmark extension and a facebook connector. If you had an open session in another window or opted to keep yourself logged in by checking a box (which I guess many users might do) it would connect back and expose the session cookies and hence appear in Firesheep.

I don't condone illegal activity and have provided the above information for people to evaluate their own applications or the applications they legitimately have access to.

The following firesheep scripts were written with help from RD (Thanks Mate).

Whirlpool Optus Seek

Contact Us