Firesheep

A place where newbies can post without (much) fear of reprisal. All mission posts should still go in the applicable forum.
Forum rules
Older HTS users: Be nice to the new people.

NEW USERS: This is NOT the place to post about missions! Refer to "Missions" category.

Firesheep

Post by Wittmann on Tue Oct 02, 2012 9:33 pm
([msg=69867]see Firesheep[/msg])

Well I'm running firesheep using Firefox 3.6.12 (the version Firesheep works on), Windows 7 64 bit (shame) :oops:

Anyway, Firesheep can't seem to pick anything up, not even stuff on my own computer, occasionally it will notice my login to my google account, but I can't actually click on the link to access it, the link just takes me to (unlogged in) google.

I've installed WinpCap, then Firesheep.

I am unable to see any logins or such, do you guys have any idea how to fix this? I've googled around and got very little. :cry:
User avatar
Wittmann
New User
New User
 
Posts: 5
Joined: Wed Sep 21, 2011 2:19 am
Blog: View Blog (0)


Re: Firesheep

Post by limdis on Tue Oct 02, 2012 9:38 pm
([msg=69869]see Re: Firesheep[/msg])

Hmm. I feel like you must not have done your research. For if you had you would know that you can make some small edits to get firesheep to work on more recent versions of firefox.
But allow me to drop my opinion. Firesheep is kind of skiddie and is highly limited. Also anyone picking up on this can simply run Blacksheep and bust you.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1398
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Firesheep

Post by Wittmann on Wed Oct 03, 2012 2:10 am
([msg=69873]see Re: Firesheep[/msg])

limdis wrote:Hmm. I feel like you must not have done your research. For if you had you would know that you can make some small edits to get firesheep to work on more recent versions of firefox.
But allow me to drop my opinion. Firesheep is kind of skiddie and is highly limited. Also anyone picking up on this can simply run Blacksheep and bust you.


I looked into that but the tutorial was for making it work on Linux, and it didn't seem to work the same in Windows when I went through and tried that.

The program (originally) worked for v3... so I'd imagine it still should as it was never updated for v4+. Nonetheless, I've been working around in Cain and Abel packet sniffing for my Facebook log-in from my iPhone. I can see the packets, and look at the http, but I haven't been able to actually get the password to crack, I'm downloading rainbow tables for the dictionary crackers now. I looked into those, and it seemed a lot more effective, but being rather new that might just be opinion. It just seems like working through Firesheep would be more effective, time wise, and for simplicity. Could you recommend me towards another direction then for me intercepting my own Facebook password on my home network?

Where should I go from here? :?
User avatar
Wittmann
New User
New User
 
Posts: 5
Joined: Wed Sep 21, 2011 2:19 am
Blog: View Blog (0)


Re: Firesheep

Post by limdis on Wed Oct 03, 2012 9:08 am
([msg=69880]see Re: Firesheep[/msg])

I personally haven't touched firesheep since I started using backtrack. But if I remember correctly the only thing that keeps firesheep from working on new releases of firefox is a number value that is incredibly easy to change. If you can't find it I'll try to dig it back up.
However, since you are diving into MiTM you are going to need a few different tools depending on how versatile you want to be in your attack. Something you need to consider is that all Facebook logins are over SSL so they aren't going to just be in plain text. You can try and crack the hashes but there are easier and near instant ways to get the plaintext values instead. Another thing to note; Firesheep is a session stealer and alone will not give you the login credentials.

I can tell you excited to learn this stuff but I'd put MiTM on the intermediate level of difficulty. Do you have an understanding of how the attack works? If not that's ok. It's why you are here 8-)
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1398
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)



Return to NZone

Who is online

Users browsing this forum: No registered users and 0 guests