Hacking Accounts through Wifi

 I learned this trick while i workin on a wifi connection on one of my friends house he had his own wifi connection and he dont had any password in his connection ,one boy at down of his house was using his connection ...so, then i used this method to capute his works and kicked off his account.. !
Security researcher always warned people about the bug and vulnerability of public networks and unencrypted services...

As you know that when you log in into a website your enter your user-name and password and then the server check your submitting user-name and password with their record and than assign you a cookies for your browser to get connected with server, what happen when you are logging and someone will get your cookies and use it on his browser, yes this is called session hijacking.

Over a year ago, session hijacking need some technical knowledge and the new and inexperienced user's cant do this, but the time has been changed and a Firefox add-on called Firesheep introduced that hijack the facebook,myspace and twitter session over an open network. FireSheep is free, open source and available almost on every operating system.

                        How Firesheep Works

Firesheep is a packet sniffer that analyze received packets from unencrypted websites on a open network like WiFi connections.

An attacker install firesheep and the new side bar appears on Firefox and the extension wait for the 26 websites that are in firesheep database to log in, when someone log in in any of these websites than firesheep capture his session id or user-name and password.   

When your browser shows HTTPS instead of HTTP means your are logging on an encrypted website.

Protection

• Use a VPN(Virtual Private Network) that create a secure tunnel for your data.
• Use HTTPS everywhere, it is a firefox add-on.
• Avoid visiting such websites, when you connected to the public access networks, in place like coffee shops and airports.....