Home > Articles > Cisco Network Technology > General Networking > Firesheep, Fireshepherd, and Facebook: Understanding Session Hijacking

Firesheep, Fireshepherd, and Facebook: Understanding Session Hijacking

Article Description

Firesheep is a tool that allows hackers to eavesdrop on unencrypted wireless networks and, in essence, hijack the browser session. Information technology professional Mike Chapple shows you how web authentication makes session hijacking possible, how Firesheep exploits these vulnerabilities, and the measures that website administrators, web developers, and end users can take to protect against session hijacking attacks.

Like this article? We recommend

Computer Incident Response and Product Security

Computer Incident Response and Product Security


Defending Against Firesheep

Defending Against Firesheep

The best line of defense against Firesheep and other session hijacking attacks lies in the hands of web developers and web server administrators. If you develop web applications that rely upon cookies for session management, be sure that they are always managed in a secure fashion. Here are a few ways you can do that:

  • Send cookies only via SSL. If you require browsers to encrypt the cookie before transmission, it won't be vulnerable to interception while in transit. This is as simple as setting the secure option in the cookie and allowing full HTTPS access to your website.
  • Limit the applications that can make use of your cookies. You should also set your cookies so that their use is as restricted as possible. At a minimum, you should set them so that they are only accessible to systems in your domain using the domain option in the cookie. Ideally, you should set the cookie's use to a specific server within your domain. You can also restrict the cookie's use to specific applications in your domain by setting the path option.
  • Restrict cookies to HTTPS. You can also use the httponly flag to request that browsers only submit cookies directly to the server via HTTP/HTTPS connections. This prevents an attacker from accessing the cookie via JavaScript attacks.

If you're an end user, you don't have control over the way cookies are configured, but you do have some options at your disposal:

  • Limit your use of websites that do not offer HTTPS connections. You can vote with your feet by refusing to use sites that may be vulnerable to session hijacking attacks.
  • Tunnel your connections through a VPN. If you're using the Internet in a risky location and are concerned about eavesdroppers conducting session hijacking attacks, connect to a VPN (virtual private network) at your workplace and use that connection to encrypt traffic that you're sending on the local network.

Media reports recently highlighted a number of tools designed to thwart Firesheep, most notably a tool called Fireshepherd that shuts down instances of Firesheep running on the local network. These tools are flawed in that they only limit the effectiveness of Firesheep as a tool but do nothing to remedy the underlying flaws in web authentication via unencrypted means. A moderately sophisticated attacker can use a network sniffing tool, such as Wireshark, to monitor traffic and steal your session without detection.

4. Final Thoughts | Next Section Previous Section