Firesheep is a new add-on for firefox that makes it incredibly easy to hijack accounts over unsecured wi-fi networks. It was released to act as a wake-up call to websites about the need to use more secure communications. However, until websites step up and begin to fix the problem, quite a bit of fun can be had with Firesheep.
Firesheep works by crawling the wi-fi network for packets holding cookies for session data. It can then use this information to impersonate the actual user and allow you full and unrestricted access to the account. A good way to explain it would be if you needed to have a stamp on your hand to be able to go to the carnival. Now if you were able to sneak a peek at one persons hand you could make a copy of the mark on your own hand. Firesheep just automates the process of making the mark on your own hand.
Firesheep works for Facebook, Gmail, Hotmail, Twitter, and really any website that doesn’t have full SSL encryption and requires the user to log in.
It only works in the newest releases of Firefox, but it can be run on any operating system. Once you install Firesheep make sure you turn on the display in the sidebar. Once it is turned on click start capturing and wait for accounts to be captured.
While Firesheep may open up fun possibilities, remember you are just as vulnerable as anybody else. So be careful when and where you log on.