A response to this, from a slightly surprising source (Zscaler, a cloud-based web proxy / email filtering vendor), has been another Firefox add-on called ‘BlackSheep’. The Zscaler add-on can detect if someone is using Firesheep on the network.
"BlackSheep does this by dropping ‘fake’ session ID information on the wire and then monitors traffic to see if it has been hijacked. While Firesheep is largely passive, once it identifies session information for a targeted domain, it then makes a subsequent request to that same domain, using the hijacked session information in order to obtain the name of the hijacked user along with an image of the person, if available. It is this request that BlackSheep identifies in order to detect the presence of Firesheep on the network."
If BlackSheep identifies that a host on the network has Firesheep installed, it displays a banner indicating that someone has the add-on installed and shows their IP address (as below).
Un-ironically, BlackSheep and Firesheep cannot be installed on the same Firefox profile as they use a lot of the same code and will conflict.
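The detection idea in the Zscaler quote, reduced to its core check, as an added example (this is not BlackSheep's own code): send a decoy session cookie that belongs to no real account, then flag any other host that sends the same value back. The record shape, host name, cookie name and IP addresses are constructed assumptions.

```javascript
// Added example: honeytoken-style detection of session-cookie replay.
// All names, IPs and hostnames below are constructed for illustration.
const { randomBytes } = require("node:crypto");

// Create a decoy session value that belongs to no real account.
function makeDecoy(host, cookieName) {
  return { host, cookieName, value: randomBytes(16).toString("hex") };
}

// Parse a Cookie request header into a Map (a value may itself contain '=').
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Return the source IPs, other than our own, that sent the decoy value back
// to the decoy's host. Only a host that sniffed the bait can know the value.
function findReplayers(decoy, ownIp, requests) {
  const hits = new Set();
  for (const req of requests) {
    if (req.src === ownIp) continue;                      // our own bait request
    if (req.host.toLowerCase() !== decoy.host) continue;  // different site
    const seen = parseCookies(req.cookie).get(decoy.cookieName);
    if (seen === decoy.value) hits.add(req.src);          // decoy was replayed
  }
  return [...hits];
}

// Constructed sample traffic, as a monitor on the local network might record it.
const decoy = makeDecoy("social.example", "session_id");
const sampleRequests = [
  { src: "192.0.2.10", host: "social.example", cookie: `session_id=${decoy.value}` },          // bait
  { src: "192.0.2.23", host: "social.example", cookie: "session_id=some-other-value" },        // normal user
  { src: "192.0.2.77", host: "Social.Example", cookie: `lang=en; session_id=${decoy.value}` }, // replay
  { src: "192.0.2.77", host: "social.example", cookie: `session_id=${decoy.value}` },          // repeat
  { src: "192.0.2.50", host: "other.example", cookie: `session_id=${decoy.value}` },           // other site
];

console.log(findReplayers(decoy, "192.0.2.10", sampleRequests));
```

Because the decoy value is random and tied to no account, a match from another address has no benign explanation, which keeps false positives low.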
One way of defeating Firesheep. http://www.youtube.com/watch?v=ymPBPbWU45g