Firefox plug-in is a cookie snatcher

A Firefox plug-in known as “Firesheep” has been positively identified as a serial cookie sidejacker.

The plug-in software is reportedly capable of intercepting Web browser cookies for sites such as Facebook or Twitter – thereby effectively providing unauthorized access to user accounts.

So, how does it work?

“When logging into a website you usually start by submitting your username and password,” Firesheep developer Eric Butler explained on his Web site.

“The server then checks to see if an account matching this information exists and if so, replies back to you with a ‘cookie’ which is used by your browser for all subsequent requests.

“On an open wireless network, cookies are basically shouted through the air, making [such intercepts] extremely easy.”

Jeff Gamet of the Mac Observer – who tested the app – confirmed that  sidejackers could use Firesheep to access Facebook, Twitter, Yahoo, Google and Amazon user accounts (on the same network).

“In TMO’s tests, we accessed a Facebook account and were able to post a message on the user’s wall as if we were the actual account owner,” said Gamet. 

“Our tests also showed that using client apps on the iPhone and iPad, such as Twitter clients and Amazon’s own app, didn’t transfer information that Firesheep was able to intercept.”