Firesheep

[Wittmann]

Well I'm running firesheep using Firefox 3.6.12 (the version Firesheep works on), Windows 7 64 bit (shame)

Anyway, Firesheep can't seem to pick anything up, not even stuff on my own computer, occasionally it will notice my login to my google account, but I can't actually click on the link to access it, the link just takes me to (unlogged in) google.

I've installed WinpCap, then Firesheep.

I am unable to see any logins or such, do you guys have any idea how to fix this? I've googled around and got very little.

[limdis]

Hmm. I feel like you must not have done your research. For if you had you would know that you can make some small edits to get firesheep to work on more recent versions of firefox.
But allow me to drop my opinion. Firesheep is kind of skiddie and is highly limited. Also anyone picking up on this can simply run Blacksheep and bust you.

[Wittmann]

Hmm. I feel like you must not have done your research. For if you had you would know that you can make some small edits to get firesheep to work on more recent versions of firefox.
But allow me to drop my opinion. Firesheep is kind of skiddie and is highly limited. Also anyone picking up on this can simply run Blacksheep and bust you.

I looked into that but the tutorial was for making it work on Linux, and it didn't seem to work the same in Windows when I went through and tried that.

The program (originally) worked for v3... so I'd imagine it still should as it was never updated for v4+. Nonetheless, I've been working around in Cain and Abel packet sniffing for my Facebook log-in from my iPhone. I can see the packets, and look at the http, but I haven't been able to actually get the password to crack, I'm downloading rainbow tables for the dictionary crackers now. I looked into those, and it seemed a lot more effective, but being rather new that might just be opinion. It just seems like working through Firesheep would be more effective, time wise, and for simplicity. Could you recommend me towards another direction then for me intercepting my own Facebook password on my home network?

Where should I go from here?

[limdis]

I personally haven't touched firesheep since I started using backtrack. But if I remember correctly the only thing that keeps firesheep from working on new releases of firefox is a number value that is incredibly easy to change. If you can't find it I'll try to dig it back up.
However, since you are diving into MiTM you are going to need a few different tools depending on how versatile you want to be in your attack. Something you need to consider is that all Facebook logins are over SSL so they aren't going to just be in plain text. You can try and crack the hashes but there are easier and near instant ways to get the plaintext values instead. Another thing to note; Firesheep is a session stealer and alone will not give you the login credentials.

I can tell you excited to learn this stuff but I'd put MiTM on the intermediate level of difficulty. Do you have an understanding of how the attack works? If not that's ok. It's why you are here