Image via Wikipedia
At the Toorcon 12 hacker conference in San Diego on Sunday, Seattle programmer Eric Butler introduced his Firesheep add-on for the Firefox Web browser in an effort to bring attention to the weakness of open Wi-Fi networks. In a practice known as HTTP session hijacking (or “sidejacking”) the add-on intercepts browser cookies used by many sites, including Facebook and Twitter, to identify users and allows anyone running the program to log in as the legitimate user and do anything that user can do on a particular website.
In a post on his site Butler describes how Firesheep works. Once installed, Firesheep displays a sidebar with a “Start Capturing” button. All the user needs to do is connect to an open Wi-Fi network, click the button and as soon as anyone on the network visits an insecure site known to Firesheep, the program captures the cookie that contains their log in details and their name and photo will be displayed in the sidebar. Double click on the displayed user and you’ll be logged in as them and able to wreak all kinds of havoc.