Researchers at Zscaler have released a tool to help detect the much-discussed Firesheep tool.
With no small touch of irony, Zscaler has dubbed its tool “BlackSheep.” Like Firesheep, BlackSheep is a Firefox add-on. However, its mission is to graze WiFi networks for Firesheep, sniffing out session hijacking attempts by putting fake session ID information on the wire and monitoring traffic.
“While Firesheep is largely passive, once it identifies session information for a targeted domain, it then makes a subsequent request to that same domain, using the hijacked session information in order to obtain the name of the hijacked user along with an image of the person, if available,” according to Zscaler. “It is this request that BlackSheep identifies in order to detect the presence of Firesheep on the network.”
Firesheep was released last month at the ToorCon 12 security conference in San Diego. Its creator, software developer Eric Butler, has said that he created the tool to highlight the need for encryption on popular sites. With Firesheep, attackers can hijack the sessions of users logging onto sites like Facebook and Twitter on unsecure WiFi connections.
In the days and weeks since Firesheep’s release, other tools such as Idiocy have popped up as well. While some have questioned the legality of Firesheep, Butler blogged recently that the program has done what it is supposed to – bring an important issue to light.
“Similar tools have existed for years, so big companies, especially Facebook and Twitter, cannot claim they are unaware of these issues,” Butler wrote. “They have knowingly placed user privacy on the back burner, and I’d be interested to hear some discussion about the ethics of these decisions, which have left users at risk since long before Firesheep.”