ATS Hackers and Guru's: What do you think about this? Firesheep

Originally posted by Blackmarketeer
This wont work with most people's laptops, the network card can't enter into "promiscuous" mode (a requirement for this add-on). TBH the FF add-on isn't doing anything hackers on a wifi network can't already do, this just brings it to the masses.

A FF add-on called "Force-TLS" will prevent anyone from tracking your web activity over an open wifi network.

A program called WinPcap (required by Firesheep) bypasses the protocol stack and allows low level access to raw data; promiscuous mode not required. This will allow a wireless adapter to sniff any wireless packets it is capable of receiving: e.g. a G adpater can receive G & B, an N adapter can receive N, G & B, and some cards can receive A, B, G & N; and it also affords Ethernet cards the same capability on a wired network as well, only limited by the subnetting of the network. And if I remember correctly, it can also be used against Bluetooth PAN networks as well (tethering a laptop to a phone over Bluetooth for Internet access for instance).

ForceTLS will only work if the server offers content over HTTPS connections.

I believe this applies: Fighting for peace is like screwing for virginity -George Carlin
2nd...

reply to post by abecedarian


Just a word from the faq on WinPcap ...

Q-16: Which network adapters are supported by WinPcap? A: The WinPcap device driver was developed to work primarily with Ethernet (10/100/1000) adapters. Support for other MACs was added during the development, but Ethernet remains the most tested one. The overall situation is:

Wireless adapters: these adapters may present problems, because they are not properly supported by the Windows Kernel. Some of them are not detected, other don't support promiscuous mode. In the best case, WinPcap is able to see an Ethernet emulation and not the real transiting packets: this means that the 802.11 frames are transformed into fake Ethernet frames before being captured, and that control frames are not received.

Translation, it doesn't work very well without promiscuous mode.
...just saying..

Originally posted by abecedarian
ForceTLS will only work if the server offers content over HTTPS connections.

edit on 10/27/2010 by abecedarian because: (no reason given)

Actually TLS is referred to as Transmission Layer Security and has nothing to do with SSL or Secure Socket Layer. You can force TLS in your browser, but that will only work to your first routing point where it's decrypted and sent in plain text to your targeted host. If you were connecting to an SSL enabled server you wouldn't need to force TLS as your connection would already be encrypted. RTFM

..Ex

reply to post by v3_exceed


I did RTFM: crypto.stanford.edu...

The initial connection is sent HTTP unless an HTTPS connection is established first. Even then it's possible for a session cookie to be transmitted from the server to the browser as plain text in spite of the connection being HTTPS.

Originally posted by v3_exceed
reply to post by abecedarian

 

Just a word from the faq on WinPcap ...

Q-16: Which network adapters are supported by WinPcap? A: The WinPcap device driver was developed to work primarily with Ethernet (10/100/1000) adapters. Support for other MACs was added during the development, but Ethernet remains the most tested one. The overall situation is:

Wireless adapters: these adapters may present problems, because they are not properly supported by the Windows Kernel. Some of them are not detected, other don't support promiscuous mode. In the best case, WinPcap is able to see an Ethernet emulation and not the real transiting packets: this means that the 802.11 frames are transformed into fake Ethernet frames before being captured, and that control frames are not received.

Translation, it doesn't work very well without promiscuous mode.
...just saying..

The passwords and such occur at a higher level than the control frames and as such be visible in the faux Ethernet packets; this is all that is required.

I'm glad to see this turned into a healthy debate!

I was going to mention winPcap, or AirPcap adapters for those who really get into it, but didn't think it'd be needed.

This thread is a relief! Lots of good info !!

It's basically Wireshark for FireFox.

I wouldn't use this, I wouldn't use most plug-ins, only FlashGot and NoScript.

If your interested in Wireless packet sniffing, try downloading BackTrack 4 r1 and burning the ISO to DVD or dual boot your computer, even install it on a USB thumbdrive. Its great, has all the tools to get you started. More information can be found here.

Enjoy.

..and don't be using that addon, personally I get paranoid over these things, sounds like a honeypot.

Originally posted by the_denv
It's basically Wireshark for FireFox.

Enjoy.

..and don't be using that addon, personally I get paranoid over these things, sounds like a honeypot.

This has been my "take-away" for awhile now ... most of the technicalities being discussed are over my head, but I get the gist and have to say that I'm more and more wary of adding anything to my computer for any reason and certainly unsecured wi-fi should be something everyone knows not to use without risk. Lol.

Thanks for the input.

reply to post by the_denv


Yep. "for the average joe"-hacking tools are never something good. I too am very suspicious of that firefox addon.


But why are there still sites using cookies? I mean Cookies really!!?? I use encrypted sessions for every authentication i code.

And btw Facebook an co. have a lot of vulnerabilities. 100% security is impossible. Unless you are one of the few people on earth with very high skills and the knowledge of the basic architecture of communication hardware.

Secure PC?: Get Unix installed by high skilled IT guys. Unplug it. Bury it deep in concrete. Shoot the IT guys. Shoot yourself

reply to post by TheDeader


Even Win95 is secure given those requirements.

Man that's scary.

But SSL has been available for a long time. Why these companies such as FB are not implementing encryption to protect users is still a question to me.

Only conspiracy-esque reason why they haven't, that my mind can come up with, is that it will interfere with government data mining.

Pretty cool tool for those in the know though.

good idea

this will just make it more popular this stealing art of packets ...

so, probably all these websites that dont encrypt their data will have to start doing it!

for you to protect yourself, you could just use a software like Hotspot Shield, so you can protect all your data no matter what

reply to post by Faiol


Sorry to break this to you but the Hotspot Software is just crap:

From their website:

1. Access all content privately without censorship; bypass firewalls.
   
2. Provides Unlimited Bandwidth.
   
3. Rest on their website...
   

Blacksheep for Firefox has now been released and it looks like it will stop someone getting your credentials (And supply you with their IP address).

It's a sounds enough basic tool to aid you with open hot spots.

Hope this info helps!

-m0r

Originally posted by m0r1arty
Blacksheep for Firefox has now been released and it looks like it will stop someone getting your credentials (And supply you with their IP address).

It's a sounds enough basic tool to aid you with open hot spots.

Hope this info helps!

-m0r

I was reading the comments section and it appears to be making people's browsers crash. This stuff is way over my head, all I learned is not to login to any site while using a public WI FI...

To the OP; I appreciate the heads-up about public WI FI spots though. I was getting ready to use mine at the library, but not now!!!