Skip to main content

Firesheep Fail with Asus 1005ha

I recently wanted to install the Firefox Firesheep plug in to mess with on my ASUS 1005ha Netbook.   I didn't like that I had to install Firesheep in Windows, as my primary OS is Ubuntu, however, there is no Linux support for Firesheep, so I was stuck with Winblows.  

I downloaded the Firesheep plugin from  and tried to install it (by simply opening it up in Firefox).  It wouldn't install because it said my version of firefox wasn't up to date.  So, I updated my Firefox and tried again.  It then installed fine, but when I went to run it, Firesheep said that it couldn't put my NIC into promiscuous mode.  I already had WinPcap installed, but thought I might have to update it.  I updated my WinPcap, and that didn't help.  So, I thought that my Wireless driver (Atheros AR9285) may need to be updated.  I updated my driver, and still it wouldn't put my card in promiscuous mode.  On the side chance that it wasn't a Firesheep problem, I downloaded Wireshark to see if IT would be able to put my card in Promiscuous mode.  I got the same error with Wireshark.  

So my conclusion was that my card won't support promiscuous mode in Windows.   If only Firesheep would work with Ubuntu...  I also then wouldn't have to worry about the AntiVirus lighting up on Firesheep, like it does in Windows.  

I then moved on to my Dell 700m, to try with that IPW2200 card... same result... no joy
I then tried my Linksys WUSB600N USB wireless ... same result... no joy

Luckily, I had a Netgear WG111 Wireless Thumb Drive (B-only).  This worked with Firesheep, but is 802.11b only.  Still, I thought I'd try it out.  A buddy and I went to a Panera to try it out, and even though I had a laptop, he had a laptop, and there were several folks around on laptops, I got no traffic at all in Firesheep.  It seems that everyone is on G these days!  After about a half an hour, we called it quits.  I guess you just can't hack with B anymore. 

I tried Firesheep with a Linksys WUSB54GSC V 2.  G thumb drive.  This worked!  So I tried it out at Panera again.   This time, there was only me on the network, so I only captured my own traffic.  But Firesheep seemed to work very well (except it wouldn't capture any of my iPhone traffic). 

Below is a screenshot of Firesheep logging into several accounts it sniffed.  The strange thing was that with Twitter, Flickr, and Amazon, even after logging out both on the real browser, and the one running Firesheep, I was still able to just click the account and log right back in.  That is crazy.  Check out the below:

I've smugged the account names for security reasons, but the screenshot still gives a great feeling for how Firesheep works.  And to recap the scariness, not only would Firesheep capture cookies and log into my accounts as if it had properly authenticated, even after I logged out of Amazon, Flickr, and Twitter, both on the browser running Firesheep and the original browser, when I clicked on the account in the left pane of Firesheep, I could log right back in!  That means that those services don't kill your session cookie when you log out!  Crazy!

So I'm either going to not use any hotspots, or if I HAVE to, I'll use a VPN whenever I'm using any of my accounts.  Having an outsider being able to log into my accounts as me this easily is just ridiculous!


Popular posts from this blog

ADS-B plotting with Kali (and other SDR goodies)

Recently I wanted to try some Software Defined Radio stuff.   
I had a RTL-SDR, FM+DAB, DVB-T USB Stick Set with RTL2832U & R820T. that I got from:
But, even though this dongle would break out FM radio stations, and ATC frequencies (like the local Ground Control, tower, and even ATIS), which was cool, it wouldn't break out ADS-B.   
Thus, I bought a Vantech Green Mini RTL2832U R820T DVB-T SDR DAB FM USB DIGITAL TV Tuner Receiver RTL-SDR Project + DAB dongle Tuner MCX Input from Amazon, and tried this.  
This dongle was able to listen to the 1090MHz frequency required for ADS-B (as it goes from 25MHz to 1700MHz).  There were tons of Windows programs out there for breaking out and plotting ADS-B Mode S broadcasts, but not many for Linux.  
For Kali Linux, here's how I got it running and plotting planes around my home:
0) before you start, you should do an apt-get update to ensure you hav…

Beaglebone Black as a Wireless Intrusion Detection System (WIDS)

Recently I have been wanting a wireless IDS (WIDS) to detect nefarious wifi activity.  I also had a Beaglebone Black hanging around that I wanted to put to good use.   This seemed like a perfect match, and indeed it seems to be so!

I did some research on WIDSs, and although there is SUPPOSED to be several out there, nearly all that I seemed to find was commercial and Windows-based products, not something I could use myself.   
About the only exception to that rule was Kismet, so I decided to give that a try.  Kismet is supposed to work as a WIDS, and per its documentation should catch the following attacks:
Kismet supports the following alerts, where applicable the WVE (Wireless Vulnerability and Exploits, ID is included: AIRJACKSSID Fingerprint Deprecated The original 802.11 hacking tools, Airjack, set the initial SSID to 'airjack' when starting up. This alert is no longer relevant as the Airjac…

Temper Temperature monitor on a Beaglebone Black

Beaglebone Black as a temperature monitor:

Recently I wanted to monitor the temperature of my shed.  I thought I'd use a small computer such as a Raspberry Pi or a Beaglebone or Odroid.

My Raspberry Pi boxes were all in use, so I grabbed my Beaglebone, which was doing nothing.

I flashed it with the Debian9.32018-03-054GB SDIoTimage, but that seemed like it was running lots of bloatware and the ethernet interface wouldn't take a static IP with /etc/network/interfaces.

So I went with the Debian9.32018-01-284GB SDLXQTi image instead.  I still had the same problem, that lots of junk was running, and I couldn't configure my interface by modifying /etc/network/interfaces

So my first step was to get rid of all the bloatware.  If you're using a Raspberry Pi or something, you can skip this and just go to the second step below

STEP 1--Remove Blotatware from Beaglebone Black:

With some searching, I came across this post:…