Task 3.8: Attacking Authentication with Firesheep

While cryptography may not be something that every Security+ certified professional dreams about, you must understand the protection that cryptographic controls provide and how they can be used to secure assets and control access. Many websites use weak encryption or none at all. This task will examine one of the methods used to bypass authentication.

This task examines one method of attacking authentication: a sidejacking attack performed with Firesheep. Sidejacking is possible because many websites use encryption only for the initial login. Once the session is established, access is maintained by means of a cookie, and sites such as Facebook and Twitter send that cookie over an unencrypted channel to validate the user on every request. Firesheep allows an attacker to capture that cookie from the network; with the cookie, the attacker has full access to the victim's account.

Scenario

Your manager is concerned about the security provided by websites that use cookies. He has asked you to set up a demonstration to show the IT director how sidejacking works and to investigate whether your company’s new web portal is vulnerable.

Scope of Task

Duration

This task should take about 15 minutes.

Setup

For this task, you will need a Windows computer, access to the Administrator account, a wireless Internet connection, one or more switches, and the ability to download files.

Caveat

Although many security tools can be used for positive purposes, they can also be used maliciously; therefore, always obtain permission before installing any tool that may be viewed as malicious.

Procedure

In this task, you will learn how to run Firesheep to perform sidejacking.

Equipment Used

For this task, you must have:

  • A Windows computer
  • Access to the Administrator account
  • A wireless Internet connection

Details

This task will show you how to install and run Firesheep. This task will look specifically at how the tool is used for sidejacking attacks and the vulnerability of some sites.

Installing and Running Firesheep

1. Once you have accessed your Windows computer and have logged in as Administrator, open your browser, go to http://codebutler.github.com/firesheep/, and click the link to download Firesheep.

2. Upon completion of the download, you also need to download WinPcap from the same URL. This is a low-level packet driver that is needed for the program to function properly.


If you have installed WinPcap for a previous task, you will not need to install it again.

3. Once the program is downloaded, install Firesheep by dragging it into the Firefox Tools Add-On menu.


4. While in Firefox, select View ⇒ Sidebar ⇒ Firesheep to display the tool.


5. Click Start Capture. This will cause the program to begin sniffing for traffic that can be sidejacked.


6. If someone logs into a vulnerable website, you can view their credentials or even double-click on the name and gain access to their account.


Never access anyone’s account that you do not have permission to view. In most areas, doing so may be considered a computer crime.
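The scenario asks whether your company's web portal is exposed to the same weakness this task demonstrates. The following is an added example (not part of the original task and not Firesheep code) that audits a portal's login response headers from the defender's side: it flags session cookies the browser would also send over plain HTTP, which is exactly what a sidejacking tool captures. The header samples and cookie values are constructed, and the name-matching heuristic for "session-like" cookies is an assumption.

```python
import re

# Constructed sample: headers a portal might return after a successful login.
# The session cookie lacks the Secure attribute and there is no HSTS header.
SAMPLE_HEADERS = [
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "csrftoken=xyz; Path=/; Secure; SameSite=Strict"),
    ("Set-Cookie", "theme=dark; Path=/"),
]
# Constructed sample of the corrected configuration for the same portal.
FIXED_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]
# Assumed heuristic: cookie names containing these fragments carry sessions.
SESSION_NAME_HINT = re.compile(r"sess|sid|auth|token|login", re.IGNORECASE)

def parse_set_cookie(value):
    """Return (name, attrs); attrs maps lower-cased attribute names to their
    value, or True for flag attributes such as Secure and HttpOnly."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if "=" in part:
            k, v = part.split("=", 1)
            attrs[k.strip().lower()] = v.strip()
        elif part:
            attrs[part.lower()] = True
    return name, attrs

def audit_cookies(headers):
    """List the weaknesses that make a login response sidejackable:
    session cookies without Secure (sent over plain HTTP), session cookies
    without HttpOnly, and a missing Strict-Transport-Security header."""
    findings = []
    if not any(f.lower() == "strict-transport-security" for f, _ in headers):
        findings.append("no Strict-Transport-Security header: a plain-HTTP request can leak cookies")
    for field, value in headers:
        if field.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not SESSION_NAME_HINT.search(name):
            continue  # non-session cookie such as a UI preference
        if "secure" not in attrs:
            findings.append(f"{name}: sidejackable (no Secure attribute)")
        elif "httponly" not in attrs:
            findings.append(f"{name}: readable by script (no HttpOnly attribute)")
    return findings
```

Feed the function the raw response headers captured from your own portal's login page; an empty result means every session-like cookie is restricted to HTTPS and the site also asks browsers to stay on HTTPS.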

Criteria for Completion

You have completed this task when you have downloaded Firesheep, installed it on a Windows system, opened it in Firefox, and used it to perform a sidejacking attack.
