New Firefox Plug-in Detects Browser Hijack Attacks

Dennis Faas's picture

Cloud-based security company "Zscaler" has launched a new Firefox web browser plug-in called "BlackSheep" designed to protect users against a recent browser hijacking tool that allows just about anyone to potentially hijack your web browser session.

Firesheep: A 'Peculiar' Extension

In order to explain the details of how "Blacksheep" came to be, we need to take a few steps back.

In October of this year, a Firefox plug-in dubbed "Firesheep" was created. It was an extension put together by developer Eric Butler and demonstrated at the Toorcon security conference. The conference is held annually to raise awareness of network security issues. Firesheep's main purpose was to exploit weak transaction security on social networking applications, such as Facebook and Twitter.

Although the plug-in essentially demonstrated how virtually anyone can hack and hijack web browser sessions (albeit in an effort to raise awareness and alter carefree online practices), red flags should have been raised when the program was downloaded more than 100,000 times in the first 24 hours of its release to the public. (Source:

Firesheep Used by Hackers for Man-In-The-Middle Attack

While Firesheep did serve as a positive inspiration for the creation of the software "Idiocy" (another awareness-raising network security tool), its appeal to those with ulterior motives seemed to prove too great. As Michael Sutton, vice president of security research at Zscaler put it, "Firesheep garnered considerable attention due to the fact that it makes web browser hijacking exponentially easier and can bring this capability to the masses." (Source:

Web Browser Session Hijacking: As Easy As Point And Click

The way the attack works is similar to a "man-in-the-middle" scheme and is not limited to wireless networks: it can be any network (wired or wireless). The Zscaler website explains how a typical attack would work in detail:

"Session hijacking is nothing new. Web sites typically use SSL [secure] connections for initial login pages, but revert to non-encrypted [pages] for all subsequent communication. As such, while a user's username and password may be protected [and not seen by a hacker using a Firesheep attack], once the [user is] authenticated, any user on the same network can simply sniff network traffic, obtain a user's session ID and then hijack their session for a given website.

Although this has always been a serious risk, especially on insecure networks such as public WiFi hot spots, some degree of technical knowledge was required to accomplish the attack. Firesheep, opens such attacks to the masses as it turns session hijacking into a point and click exercise. Unless websites mandate SSL for all traffic on the site, session hijacking will always remain a threat. Fortunately, BlackSheep can be used to let you know if someone is running Firesheep on the same network. " (Source:

Firesheep not on Blacklist

Further troublesome is the fact that, despite the security threat posed by the extension, Firesheep has not been added to Firefox's add-on blacklist because it does not utilize any security vulnerabilities in the browser itself. While those using Firesheep have been warned that the use of the extension can pose a violation of computer security laws in some countries, and if used for malicious purposes, these cautionary messages usually fall on deaf ears.

As Julien Sobrier, senior researcher at Zscaler Labs (and developer of the BlackSheep plugin) explains, "BlackSheep leverages much of the Firesheep [programming] code, but the twist is that rather than being used to hijack browsing sessions, it instead detects when a session is being hijacked and alerts the user. Firesheep is essentially used against itself to combat the threat it poses."

Those interested can download the BlackSheep Firefox plug-in by clicking here.

Rate this article: 
No votes yet