Firesheep is a Firefox add-on that can be used to sniff the login data of websites when you are surfing on a public Wi-Fi network. When you log in to social networking websites such as Facebook, Twitter, etc. on a public Wi-Fi network, a cookie is stored on your computer so that you don’t have to verify your identity again for that particular browsing session.
How Firesheep Works
The username and password are sent unprotected to the Facebook servers (for example) and then back to your computer, so if you are connected through a public Wi-Fi connection, anyone else using the same connection can use add-ons like Firesheep to retrieve or sniff your login information.
Protect Your Login Information From Firesheep
One of the trusted ways to protect your login information from Firesheep is to use the HTTPS protocol while browsing or logging in to websites like Twitter or Facebook. The HTTPS protocol creates a secured channel over an open or unsecured Wi-Fi network. Your login information is sent encrypted to the website’s server, which ensures reasonable protection from man-in-the-middle attacks.
In short, using the HTTPS protocol encrypts user data, so if a script like Firesheep’s tries to pull it, it can’t be read.
The HTTPS Everywhere add-on for Firefox makes it easy to always use the HTTPS connection of a website (if available). After the add-on is installed, major websites, e.g. Google, Twitter, Facebook, Wikipedia, PayPal, etc., will use the HTTPS protocol by default, and you don’t have to type the https address manually.
There is another Firefox add-on called Force TLS, which allows websites to tell Firefox that they should be served via HTTPS in the future. This helps protect you from accidentally negotiating an insecure session with certain sites. Google Chrome users can use the KB SSL Enforcer extension to achieve automatic http to https redirection for Facebook, Twitter, Gmail and the majority of other sites.
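The site-side half of this advice can be checked from a response's headers. The following is an added example, not code from Firesheep or any add-on named here: it flags cookies that lack the Secure attribute and a missing Strict-Transport-Security header (the standard header a site uses to tell browsers to use HTTPS in future). Function names and header values are constructed for illustration.

```javascript
// Added example: audit response headers for the two controls that keep
// session cookies off plain http. All sample values are constructed.
// Parse one Set-Cookie value into its name and lower-cased attribute names.
function parseSetCookie(value) {
  const [pair, ...rest] = value.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq < 0 ? pair : pair.slice(0, eq);
  const attrs = new Set(rest.map((a) => a.split("=")[0].toLowerCase()));
  return { name, attrs };
}

// Parse Strict-Transport-Security; null when absent or max-age is unusable.
function parseHsts(value) {
  if (!value) return null;
  const policy = { maxAge: null, includeSubDomains: false };
  for (const part of value.split(";").map((s) => s.trim())) {
    const [k, v] = part.split("=");
    if (k.toLowerCase() === "max-age") policy.maxAge = parseInt((v || "").replace(/"/g, ""), 10);
    if (k.toLowerCase() === "includesubdomains") policy.includeSubDomains = true;
  }
  return Number.isInteger(policy.maxAge) ? policy : null;
}

// headers: { "strict-transport-security": string, "set-cookie": string[] }
function auditResponse(headers) {
  const findings = [];
  const hsts = parseHsts(headers["strict-transport-security"]);
  if (!hsts) findings.push("no HSTS policy: browser may still use plain http");
  else if (hsts.maxAge === 0) findings.push("HSTS max-age=0 clears the stored policy");
  for (const raw of headers["set-cookie"] || []) {
    const { name, attrs } = parseSetCookie(raw);
    if (!attrs.has("secure")) findings.push(`cookie ${name} lacks Secure: also sent over plain http`);
  }
  return findings;
}

// Constructed responses: one weak, one hardened.
const weak = { "set-cookie": ["session=abc123; Path=/; HttpOnly"] };
const hardened = {
  "strict-transport-security": "max-age=31536000; includeSubDomains",
  "set-cookie": ["session=abc123; Path=/; HttpOnly; Secure"],
};
console.log(auditResponse(weak));
console.log(auditResponse(hardened));
```
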
Since this isn’t a guaranteed way to protect your Facebook and Twitter accounts from Firesheep or similar sniffing attacks, it would be wise not to use a public connection at all for logging in to Gmail, Facebook, Twitter or other sites.