Home » 2011 » March » 7 » How to hack wireless network users using HTTP Session Hijacking
10:41 AMHow to hack wireless network users using HTTP Session Hijacking
What is HTTP Session Hijacking???
As all Gurus should know, whenever we login to any website, the webserver of the website replies back with a "cookie" which is used by client browser for further requests. Thus, cookie is used by webserver to identify the logged user and thus, maintain session of this user. Now, if we get this cookie of the victim, we can do all things same as the logged user (victim) himself. Since, we are now having the cookie of victim, webserver grants all session rights of victim to us. This way of hijacking cookies is called session hijacking. We can easily hack wireless network users by this Session Hijacking.
In wireless networks, exchange of cookies takes place through air, due to which one can easily intercept them and this session hijacking can be implemented easily.
Firesheep - How to hack wireless network users:
1. Free Download Firesheep firefox addon to hack wireless network users.
2. Install this addon in your Firefox (working pefect on Windows XP and Windows Vista). Restart Firefox. Connect to any public wireless network.
3. Now, in the sidebar, hit on "Start Capturing" and Firesheep searches for and captures cookies in wireless network.
4. As soon as anyone on the wireless network visits any insecure website known to Firesheep, their name and photo will be displayed in the sidebar. Now, simply double click on someone and you're into his/her account. Thus, you are able to hack wireless network user.
Sounds interesting right??? Yeah, this one's definitely a revolution in hacking technology. It has become so simple to hack any wireless network.
Websites that are vulnerable to Firesheep:
As is reported, the two social network giants Facebook and Twitter are vulnerable and hence attacked largely by Firesheep. Also, other websites vulnerable are: Foursquare, Gowalla, Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Flickr, Github, Google, HackerNews, Harvest, Windows Live, NY Times, Pivotal Tracker, Slicehost, tumblr, WordPress, Yahoo and Yelp.
Solution to Firesheep attack:
Firesheep hack can be implemented only if the website does not use secure HTTPS connections. So, we can lay down Firesheep hack, if we inform Firefox to always use secure connections. This can be implemented by using Firefox addon Force-TLS.
Securing whole Wireless network:
Also, it is necessary to secure other users of wireless network. So, FireShephard - the anti-Firesheep tool has been released which shuts down Firesheep running on any computer in the wireless network. FireShephard basically floods the nearby wireless network with packets which are designed to turn off Firesheep. This surely secures all users of the wireless network.
So friends, this was all about how to hack a wireless network using HTTP Session hijacking. Remember to install Force-TLS addon, if you're logging to your insecure web account in a wireless network. If you have any problem in this tutorial on how to hack wireless network using Firesheep, please mention it in comments.
Enjoy Firesheep to hack wireless network users...
|Total comments: 0|