{"id":477245,"date":"2023-08-09T09:09:43","date_gmt":"2023-08-09T09:09:43","guid":{"rendered":""},"modified":"2023-09-05T11:14:22","modified_gmt":"2023-09-05T11:14:22","slug":"firesheep","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/cn\/wiki\/firesheep\/","title":{"rendered":"Firesheep"},"content":{"rendered":"<p>Firesheep is an open-source packet sniffer designed to simplify the process of session hijacking (also known as sidejacking). Developed by Eric Butler and released in 2010, it exposed serious vulnerabilities in the way websites handle user sessions and privacy.<\/p>\n<h2>The Origins and Early History of Firesheep<\/h2>\n<p>Firesheep was first publicly released on October 24, 2010, by Eric Butler, a freelance software developer from Seattle. Butler's intent was not to facilitate hacking but to expose the security flaws inherent in web services that did not use end-to-end encryption.<\/p>\n<p>The tool quickly gained notoriety for its easy-to-use interface and its potential for misuse. It demonstrated how easily malicious actors could exploit unencrypted HTTP sessions on open Wi-Fi networks, prompting a widespread reconsideration of website security practices and a shift toward broader adoption of HTTPS.<\/p>\n<h2>Decoding Firesheep: A Deep Dive<\/h2>\n<p>Firesheep 
works by sniffing network packets and intercepting unencrypted cookies from websites. When a user on the same network as the Firesheep user logs into a website that uses HTTP rather than HTTPS, Firesheep intercepts the cookie that the website sends to the user's computer.<\/p>\n<p>With these cookies, Firesheep can effectively \"impersonate\" the user on the website, gaining access to their account without needing a password. Note that Firesheep can only access sites that the user is actively logged into while on the same unencrypted network as the Firesheep user.<\/p>\n<h2>The Inner Workings of Firesheep<\/h2>\n<p>Firesheep is essentially a packet sniffer, meaning it can intercept and log traffic passing over a digital network. It specifically targets cookies, the small pieces of data that websites use to keep track of users.<\/p>\n<p>The extension uses a library called pcap to capture traffic on public networks. It then scans this data for cookies and analyzes them using code specific to each site it supports, known as \"handlers\". When it detects a cookie from a supported site, it uses this information to hijack the session.<\/p>\n<h2>Firesheep 
Key Features<\/h2>\n<p>Firesheep had several features that made it particularly notable at the time of its release:<\/p>\n<ul>\n<li><strong>Simplicity<\/strong>: Firesheep made session hijacking accessible to non-technical users through a simple, intuitive interface. It was designed as a Firefox extension, making installation quick and easy.<\/li>\n<li><strong>Open source<\/strong>: The code behind Firesheep is publicly available. This openness has prompted ongoing discussion about web security.<\/li>\n<li><strong>Extensibility<\/strong>: Firesheep can support many websites through the use of handlers. Developers can write new handlers to extend Firesheep's capabilities.<\/li>\n<\/ul>\n<h2>Types of Firesheep<\/h2>\n<p>As open-source software, Firesheep exists in various versions and adaptations. However, there are no distinct \"types\" of Firesheep, only adaptations and variants of the original software developed by Eric Butler.<\/p>\n<h2>Using Firesheep: Challenges and Solutions<\/h2>\n<p>Firesheep was designed as a tool for highlighting security flaws, but it can be misused by malicious actors to gain unauthorized access to accounts. Using unsecured public Wi-Fi networks or websites that do not use HTTPS can expose users to potential Firesheep 
attacks.<\/p>\n<p>To protect against Firesheep and similar tools, users should:<\/p>\n<ul>\n<li>Avoid using unsecured public Wi-Fi networks for sensitive tasks.<\/li>\n<li>Use websites that support HTTPS whenever possible.<\/li>\n<li>Use a virtual private network (VPN) to encrypt their network traffic.<\/li>\n<li>Enable \"HTTPS Everywhere\" in their browser, which forces an HTTPS connection whenever one is available.<\/li>\n<\/ul>\n<h2>Comparison of Firesheep with Similar Tools<\/h2>\n<table>\n<thead>\n<tr>\n<th>Tool<\/th>\n<th>Ease of use<\/th>\n<th>Open source<\/th>\n<th>Specific focus<\/th>\n<th>Extensibility<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Firesheep<\/td>\n<td>High<\/td>\n<td>Yes<\/td>\n<td>Session hijacking<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>Wireshark<\/td>\n<td>Medium<\/td>\n<td>Yes<\/td>\n<td>General packet sniffing<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>tcpdump<\/td>\n<td>Low<\/td>\n<td>Yes<\/td>\n<td>General packet sniffing<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>The Future of Firesheep<\/h2>\n<p>Although Firesheep itself is no longer actively maintained, the issues it highlighted remain relevant. The tool spurred an industry-wide shift toward end-to-end encryption, and future tools will likely continue to exploit and highlight other security vulnerabilities.<\/p>\n<h2>Proxy Servers and 
Firesheep<\/h2>\n<p>Proxy servers can be used to mitigate the risks posed by Firesheep and similar tools. By routing a user's traffic through a proxy server, the traffic is encrypted, making it harder for tools like Firesheep to hijack the session.<\/p>\n<p>A reliable and secure proxy service such as OneProxy can be an effective tool for protecting users against Firesheep attacks, especially when used together with HTTPS connections.<\/p>\n<h2>Related Links<\/h2>\n<ul>\n<li><a href=\"https:\/\/github.com\/codebutler\/firesheep\" target=\"_new\" rel=\"noopener nofollow\">Firesheep's official GitHub repository<\/a><\/li>\n<li><a href=\"http:\/\/codebutler.github.io\/firesheep\/\" target=\"_new\" rel=\"noopener nofollow\">Eric Butler's blog post on Firesheep<\/a><\/li>\n<li><a href=\"https:\/\/oneproxy.pro\/cn\/\" target=\"_new\" rel=\"noopener\">OneProxy's website<\/a><\/li>\n<\/ul>","protected":false},"featured_media":477246,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-477245","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Firesheep: Unveiling the Network Sniffer<\/mark>","faq_items":[{"question":"What is Firesheep?","answer":"<p>Firesheep is an open-source packet sniffer developed by Eric Butler in 2010. It's designed to expose internet security flaws by simplifying the process of session hijacking, also known as sidejacking.<\/p>"},{"question":"Who created Firesheep and why?","answer":"<p>Firesheep was created by Eric Butler, a software developer from Seattle. 
The tool was developed not to facilitate hacking, but to expose the security flaws of web services that did not use end-to-end encryption, thereby encouraging stronger security practices.<\/p>"},{"question":"How does Firesheep work?","answer":"<p>Firesheep works by sniffing network packets and intercepting unencrypted cookies from websites. When a user logs into a website using HTTP instead of HTTPS on the same network as the Firesheep user, the software intercepts these cookies. With this information, Firesheep can impersonate the user on the website, gaining access to their account without needing a password.<\/p>"},{"question":"What are the key features of Firesheep?","answer":"<p>Firesheep's key features include its simplicity and user-friendly interface, its open-source nature which encourages public engagement with web security issues, and its extensibility, meaning developers can write new handlers to expand Firesheep's capabilities.<\/p>"},{"question":"How can users protect themselves against Firesheep?","answer":"<p>Users can protect themselves against Firesheep by avoiding unsecured public Wi-Fi networks for sensitive tasks, using websites that support HTTPS, using a Virtual Private Network (VPN), and enabling \"HTTPS Everywhere\" on their browsers.<\/p>"},{"question":"How does a proxy server protect against Firesheep?","answer":"<p>A proxy server routes a user's traffic through itself, encrypting the traffic and making it difficult for a tool like Firesheep to hijack the session. A reliable and secure proxy service like OneProxy can be a valuable tool in protecting users from Firesheep attacks.<\/p>"},{"question":"What is the future of Firesheep?","answer":"<p>While Firesheep itself is no longer actively maintained, the issues it highlighted, like the need for end-to-end encryption, are still relevant. 
It sparked an industry-wide shift towards better security practices, and future tools will likely continue to expose and address other security vulnerabilities.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki\/477245","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki\/477245\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/media\/477246"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/media?parent=477245"}],"curies":[{"name":"\u53ef\u6e7f\u6027\u7c89\u5242","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}