BlackSheep add-on combats Firesheep session hijacking tool
By Darren Quick
November 8, 2010
Last month Seattle programmer Eric Butler exposed the weaknesses of open Wi-Fi networks with his Firesheep add-on for Firefox. The program intercepts browser cookies to identify users and allows anyone running it to log into sites such as Facebook and Twitter as the legitimate user. While Butler wanted to encourage the use of HTTPS to address such vulnerabilities, users can now combat Firesheep with another Firefox add-on – BlackSheep.
Developed by researchers at Zscaler, BlackSheep works by continually dropping "fake" session ID information onto the wire and monitoring traffic for another IP address re-submitting this same information, which shows that the session has been hijacked. If it detects the presence of Firesheep on the network, it alerts the user with a warning and the IP address of the person using it, so the user can log off and seek out more secure surroundings.
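The detection idea described above, sketched as an added example; it is not BlackSheep's code, which the article does not show. The class and field names, the cookie name, the host and the IP addresses are constructed for illustration, and observed requests are assumed to arrive as already-parsed records.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class CanaryMonitor:
    own_ip: str                                    # address the decoys are sent from
    planted: dict = field(default_factory=dict)    # decoy token -> host it was sent to
    alerts: list = field(default_factory=list)

    def plant(self, host, cookie_name="session_id"):
        """Create a decoy session value and return the request that carries it."""
        token = secrets.token_hex(16)              # random, so it cannot occur by chance
        self.planted[token] = host
        return {"src": self.own_ip, "host": host, "cookie": f"{cookie_name}={token}"}

    def observe(self, request):
        """Inspect one observed request; return an alert dict or None."""
        for pair in request.get("cookie", "").split(";"):
            _, _, value = pair.strip().partition("=")
            host = self.planted.get(value)
            # Ignore ordinary cookies and our own decoy transmissions.
            if host is None or request["src"] == self.own_ip:
                continue
            alert = {"suspect_ip": request["src"], "host": host}
            if alert not in self.alerts:           # report each replaying IP once per site
                self.alerts.append(alert)
            return alert
        return None

def demo():
    mon = CanaryMonitor(own_ip="192.0.2.10")
    decoy = mon.plant("social.example")
    token = decoy["cookie"].split("=", 1)[1]
    traffic = [  # constructed sample traffic, documentation-range addresses
        decoy,                                                   # our own decoy
        {"src": "192.0.2.23", "host": "social.example",
         "cookie": "lang=en; session_id=realvalue"},             # unrelated user
        {"src": "192.0.2.77", "host": "social.example",
         "cookie": f"lang=en; session_id={token}"},              # decoy re-submitted
        {"src": "192.0.2.77", "host": "social.example",
         "cookie": f"session_id={token}"},                       # repeat, deduplicated
    ]
    for req in traffic:
        mon.observe(req)
    return mon.alerts

if __name__ == "__main__":
    print(demo())
```

Because the decoy value was never issued to a real account, any other address presenting it can only have copied it off the network.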
Because BlackSheep shares much of the same code base as Firesheep, the two add-ons cannot be installed on the same Firefox instance. If users want to run both on the same machine they will need to install them in different Firefox profiles.
The BlackSheep add-on is available as a free download for Mac OS X and Windows XP or later systems from Zscaler.