On Thu, 21 Apr 2011 20:50:07 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>From: "Shadow" <Sh@dow.br>
>
>> Curious. What does it work on, the data (cookies) the browser
>> sends to the server or the data sent from the server to the browser ?
>> TIA
>
>http://en.wikipedia.org/wiki/Firesheep
Thanks, so as I see it Firesheep just takes the cookies sent
by the webpage, and does not perform session cookie hijack ?

http://en.wikipedia.org/wiki/Firesheep
"The extension uses a packet sniffer to intercept unencrypted
cookies from certain websites"
---> FROM the website, so no point in a directional antenna
on the victims PC, as the WISP server will be radiating these cookies
in a (probably) 180 degree direction.

http://en.wikipedia.org/wiki/Session_hijacking
"Session sidejacking, where the attacker uses packet sniffing
to read network traffic between two parties to steal the session
cookie. Many web sites use SSL encryption for login pages to prevent
attackers from seeing the password, but do not use encryption for the
rest of the site once authenticated. This allows attackers that can
read the network traffic to intercept all the data that is submitted
to the server or web pages viewed by the client. Since this data
includes the session cookie, it allows him to impersonate the victim,
even if the password itself is not compromised. Unsecured Wi-Fi
hotspots are particularly vulnerable, as anyone sharing the network
will generally be able to read most of the web traffic between other
nodes and the access point."
---> Our WISP here is secured by MAC address (or in other
words, is unsecured). In this case, a very directional antenna would
diminish the area an interceptor could capture these cookies. But from
what I understood, firesheep uses only cookies from the server, so
these antennas would be of no use.
[]'s
PS every other "hacker" here in town has firesheep on his
laptop. Most local social websites are unencrypted. ( I live in
Brazil).