BlackSheep – Detect FireSheep on an Unsecured Wi-Fi Network

Last week, I wrote about FireSheep,  a newly released add-on for Firefox, allowed everyone including amateur hackers and snoopers the ability to not only identify individual social networking sessions currently in progress but also the ability to impersonate those people. This was made possible by intercepting cookies being broadcast in the clear (i.e. completely unencrypted) and showing the cookie to the corresponding social networking site (such as Facebook or Twitter).

Hopefully, since my last post, people have become somewhat more wary of the risks of using open Wi-Fi networks at places like McDonald’s. Solutions such as enforcing the use of SSL (Secure Sockets Layer) security with something such as NoScript for Firefox, using a VPN to encrypt all of your traffic and divert it through a remote network, turning on WPA2+AES security on the Wi-Fi access point or simply abstaining from using such networks.

However, if you absolutely need to use unsecured Wi-Fi networks there is something you can do to determine if someone using FireSheep is snooping the network using a new Firefox add-on called BlackSheep from Zscaler Cloud Security.

BlackSheep is rather smart in the way it detects the use of FireSheep. It achieves this by creating a dummy session for a social networking site and then broadcasts it on the network. FireSheep, when it detects this dummy session, will attempt to obtain the name (and profile photo if available) of the user from the corresponding site. It is this request from FireSheep that BlackSheep uses to for its detection on a network.

Bear in mind, BlackSheep won’t protect you from the use of FireSheep on the same network, it merely alerts you to the use of FireSheep. Also, if you have been merrily browsing social networking websites in the meantime it may already be too late to prevent your account from being hijacked. As such, my recommendation to step up your security using one of the previously mentioned solutions still stands. Preventing a problem is a far more comprehensive solution than dealing with the fallout once it has been drawn to your attention.

If you want to install BlackSheep there is a catch. You can’t install FireSheep and BlackSheep in the same instance of Firefox due to the two add-ons sharing a large amount of code but you can get around this by installing them in separate profiles. Also, Windows users will need to install WinPcap which is a piece of packet capture software.

BlackSheep is available for Windows, MacOS X and Linux users of Firefox.

Leave a Reply

Your email address will not be published.