Pages

11/12/2010

Using Firesheep in Ubuntu (finally)

After a long wait, I just found a thread to bring Firesheep to Ubuntu.

I'm using Ubuntu 10.10 x64. I hope it works with 64bits :)

These steps has been done following the instructions from
https://github.com/codebutler/firesheep/pull/70
Thanks to codebuttler, mickflemm and others for the great job!

First off, installation of all prerequisite packages.
sudo apt-get install git autoconf xulrunner-dev libboost-dev libpcap-dev hal libhal-dev

Then, create an empty directory for downloading Firesheep's source code from git.
(Here, I want to put it in ~/Desktop/firesheep)
Then, download the source files using
git clone git://github.com/mickflemm/firesheep.git

I got
ptantiku@ptantiku-desktop:~/Desktop/firesheep$ git clone git://github.com/mickflemm/firesheep.git
Initialized empty Git repository in /home/ptantiku/Desktop/firesheep/firesheep/.git/
remote: Counting objects: 685, done.
remote: Compressing objects: 100% (369/369), done.
remote: Total 685 (delta 340), reused 625 (delta 305)
Receiving objects: 100% (685/685), 3.05 MiB | 2.64 MiB/s, done.
Resolving deltas: 100% (340/340), done.

now, the source files should be ready.

Before continue to next step, we needs to find location of XULRunner SDK first.
It should probably in /usr/lib/xulrunner-1.9.2.12 (mine is). So, you need to make sure.

Then, we can now start compiling Firesheep by issuing these commands
also change xulrunner-sdk path according to your system.
cd firesheep
./autogen.sh --with-xulrunner-sdk="/usr/lib/xulrunner-1.9.2.12"
git submodule update --init

After the last command i got
ptantiku@ptantiku-desktop:~/Desktop/firesheep/firesheep$ git submodule update --init
Submodule 'backend/deps/http-parser' (git://github.com/ry/http-parser.git) registered for path 'backend/deps/http-parser'
Initialized empty Git repository in /home/ptantiku/Desktop/firesheep/firesheep/backend/deps/http-parser/.git/
remote: Counting objects: 697, done.
remote: Compressing objects: 100% (562/562), done.
remote: Total 697 (delta 468), reused 209 (delta 132)
Receiving objects: 100% (697/697), 152.91 KiB, done.
Resolving deltas: 100% (468/468), done.
Submodule path 'backend/deps/http-parser': checked out '459507f534c807d8ba741730fbc36d4b93b133c1'

Run "make" command to build firesheep.xpi

Finally, you'll see firesheep.xpi under build directory (full path: ~/Desktop/firesheep/firesheep/build/firesheep.xpi)


You can now install the XPI into firefox.
My favourite method? open firefox and drag-and-drop the XPI file into it.



After it installed, go to View--> Sidebar --> Firesheep
Firesheep add-on will be shown like this.


I got the problem after I press "Start Capturing" button,
because I didn't set which device I want to capture.



For capturing in wireless adapter, needs to turn wifi monitor mode on
use either command

sudo airmon-ng start wlan0

or

sudo iw wlan0 interface add mon0 type monitor
sudo ifconfig mon0 up


These above commands are for turning the monitor mode on, and creating new interface called "mon0" for monitoring packets.


So, go to Tools--> Add-on --> Firesheep --> Preferences


On the first tab, it should have an option box for you to select the device.

Unfortunately, on my machine, it shows like this (no option at all)

To make it works, I need to run Firefox in super-user mode (sudo firefox)
So, it shows to me like this.

Nice!!!
Ready to get some packets??
(I captured it on my machine using eth1)

IT'S WORKING!!!

Update:
 - Tested working with wifi on my machine (Intel(R) Wireless WiFi Link AGN, with iwlagn patched)
 - If using firesheep-backend --fix-permission , it's no need to run firefox as superuser anymore.
how to?
after install, navigate to the extension directory (mine is  ~/.mozilla/firefox/a6wll3aa.default/extensions/firesheep@codebutler.com/platform/Linux_x86_64-gcc3) 
and  run 'sudo firesheep-backend --fix-permissions'. 
My firesheep-backend  has this permission -r-sr-xr-x root:root. 

Update Jan 19,2010:
 - Facebook changes it's parameters. read more at http://blog.anidear.com/2011/01/updating-facebook-filter-in-firesheep.html

47 comments:

  1. My xulrunner sdk is not in /usr/lib/xulrunner-1.9.2.12. What do I do?

    ReplyDelete
  2. maybe you can try

    cat /var/lib/dpkg/info/xulrunner*.list | grep xpidl

    to see which directory this file is inside.

    ReplyDelete
  3. Actually, I just did it again without put the param "--with-xulrunner-sdk". It still works.

    the autogen.sh (autoreconf) still can detect xulrunner-dev path as shown in this line.

    checking for xpidl... /usr/lib/xulrunner-devel-1.9.2.12/bin/xpidl

    ReplyDelete
  4. ( sudo airmon-ng start wlan0 )
    return => sudo: airmon-ng: command not found


    and

    (sudo iw wlan0 interface add mon0 type monitor
    sudo ifconfig mon0 up )

    retunr => sudo: iw: command not found

    i use ubuntu 10.10 i need help

    ReplyDelete
  5. assel, you need to install either of them.

    airmon-ng comes with aircrack-ng, to install
    sudo apt-get install aircrack-ng

    for iw, sudo apt-get install iw

    ReplyDelete
  6. Sorry friend, i have a problem with hal.

    "checking for HAL... no
    configure: error: Package requirements (hal) were not met:

    No package 'hal' found

    Consider adjusting the PKG_CONFIG_PATH environment variable if you
    installed software in a non-standard prefix"

    I made step by step your instructions on ubuntu 10.10. Have you any idea of how to fix it. I'm not an average linux user. Regards from Spaing.

    ReplyDelete
  7. to Jose,
    I got that problem before, and I fixed it by installed hal and libhal-dev with this command.

    sudo apt-get install hal libhal-dev

    I'm a regular linux user, but I'll try to help you out as much as I can. Otherwise, you have go to the creator and ask the question (on the link above)

    ReplyDelete
  8. sudo apt-get install libhal-dev

    it's ok for me also :)

    ReplyDelete
  9. I have an interface option in firesheep called wlan interface. This is the only option that will capture anything (mod0 works in wireshark, but not with firesheep). Even so, the only packets that it is capturing come from the computer that it is installed on.

    How do I get it to detect other systems?

    ReplyDelete
  10. to 2k,
    is the wireless device in monitoring mode?

    after I turn on monitoring mode on my wlan0,
    I'll get new device called mon0.
    and when I type command "iwconfig", it shows like this.
    "mon0 IEEE 802.11abg Mode:Monitor Tx-Power=14 dBm "

    so I can see it's in monitoring mode.

    ReplyDelete
  11. When I enter "sudo iw wlan0 interface add mon0 type monitor" I get "nl80211 not found."

    I entered iwconfig to see what interfaces I had got "lo no wireless extensions.

    eth0 no wireless extensions.

    eth1 IEEE 802.11 Access Point: Not-Associated
    Link Quality:5 Signal level:200 Noise level:165
    Rx invalid nwid:0 invalid crypt:332 invalid misc:0

    wwan0 no wireless extensions."

    So, I tried instead to run "sudo airmon-ng start eth1" but then my net connection goes down and there's no new interfaces when I run iwconfig

    ReplyDelete
  12. Hi Antonio,
    My guess is your wireless driver(or hardware) is not compatible with the software (either iw or aircrack-ng).

    You can try patch the driver first, if you havn't done it before. Because I got no luck on using original driver came with Ubuntu too.

    Example instructions on patching for Intel Wireless 4965 (if you use it):
    http://airodump.net/packet-injection-wifi-intel-4965/
    http://ubuntuforums.org/showthread.php?t=1598930 (i did this)

    otherwise, this page is a good resource.
    http://www.aircrack-ng.org/doku.php?id=install_drivers

    ReplyDelete
  13. Thanks for the tip! After a lot of reseaching I foudn that the Broadcom STA drivers don't allow monitor mode. So I used the B43 drivers and I can now access monitor mode.

    Now my problem is that no interfaces show up in Firesheep. Upon going to preferences I get an error "Javascript: JSON 1".

    Some research might be needed or maybe it is a bug in the code,

    ReplyDelete
  14. You can download the compiled firesheep .xpi for Ubuntu at http://www.logicfrog.net/2010/11/firesheep-ubuntu-10-10/

    ReplyDelete
  15. I can't get any interfaces to appear. I am running firefox from terminal with sudo firefox. When I go to preferences I get a message that says RefernceError: Cc is not defined.

    I compiled firesheep on my own, had this problem, then used the XPI in the above comment and same problem. This might be a permissions thing still as I was able to compile and run firesheep on this same machine a few days ago when running ubuntu from a USB stick. I've since installed in on the hard drive in this machine and now I get this error all the time.

    I also have a problem with getting my wireless into promic mode. Its a broadcom wireless and I've found there are alternate drivers that I can use. I have a cisco/lynksys wireless that I can use also but I need to get this to see any interfaces first.

    ReplyDelete
  16. To Anonymous,
    I did some searches from the authors' github sites (https://github.com/codebutler/firesheep/pull/31,https://github.com/codebutler/firesheep/issues/issue/70), and here are possible solutions:
    - library missing? install hal, libhal-dev, boost, libpcap
    - backend's permission? after install, navigate to the extension directory (mine is ~/.mozilla/firefox/a6wll3aa.default/extensions/firesheep@codebutler.com/platform/Linux_x86_64-gcc3)and run 'sudo firesheep-backend --fix-permissions'. My firesheep-backend has this permission -r-sr-xr-x root:root.
    - compiling problem? try to see if 'sudo firesheep-backend --list-interfaces' runs properly? if not, it should have been compilation problem. I'm afraid that I couldn't help, better ask the developers.

    ReplyDelete
  17. so I got it to run error free. It was a permissions problem with the interfaces not showing up. I also got a WG111 netgear wireless that works no problem in promisc mode. I still have an issue where I see only my own traffic. This is the interface I'm using

    wlan1 Link encap:Ethernet HWaddr e0:91:f5:23:3a:e9
    inet addr:192.168.1.38 Bcast:192.168.1.255 Mask:255.255.255.0
    inet6 addr: fe80::e291:f5ff:fe23:3ae9/64 Scope:Link
    UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
    RX packets:438 errors:0 dropped:0 overruns:0 frame:0
    TX packets:161 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:32961 (32.9 KB) TX bytes:22097 (22.0 KB)

    I also tried to make a virtual interface as described here https://github.com/codebutler/firesheep/pull/70 but no luck, same problem. When I use that interface I get nothing at all, not even my own traffic.

    ReplyDelete
  18. installed aircrack-ng still get nothing on mon0 tried it on all interfaces on both wireless devices. no good. the WG111 blinks when I send traffic over the network from my test machine. Is there a way I can test to see if the monitor interface is picking up any traffic. I tried to manually run firesheep-backend from the terminal but I don't know what to use as the filter.

    ReplyDelete
  19. Have you patched it yet?
    The driver comes out-of-the-box usually have problems when we try to do something advanced.

    I got few links for you.
    http://www.modzworlds.com/showthread.php?2863-tools-needed-to-hack-into-wifi
    http://wireless.kernel.org/en/users/Drivers/p54
    http://www.backtrack-linux.org/forums/old-newbie-area/25248-netgear-wg111-v1-instalation.html

    for checking the version, i think 'lsusb' would do the trick.

    ReplyDelete
  20. I followed the instructions at http://forum.aircrack-ng.org/index.php?topic=5755.0 for drivers. WG111v3 has a realtek RTL8187B chipset.
    lshw shows driverversion=2.6.35-22-generic

    still same issue

    ReplyDelete
  21. i tried it and iwconfig shows that mon0 is in monitor mode. But firesheep cannot capture anything... why that?

    ReplyDelete
  22. Did you set the capture interface in Firesheep's preferences yet?

    ReplyDelete
  23. yes, works fine now :) - very nice. Is it possible to save all found cookies? would be nice to save like firesheep finds them, so you can reboot your notebook and can easy choose old found firesheep cookies.

    ReplyDelete
  24. Hi,

    I finally managed to install firesheep and not have any errors and it detects the mon0 I setup using my DWA-652 wireless card (iwconfig confirms mon0 is in monitor mode) and so I sudo firefox, go into settings, select my mon0 interface but it doesn't capture anything.
    I can only get firesheep to capture when I log in on the same computer and that's if I set the interface to my wlan0.

    Please help! I tried some of the diagnostics posted here... I tried "firesheep-backend --list-interfaces" and I got "sudo: firesheep-backend: command not found" I've tried installing this serveral times following the How-Tos on several sites.
    Thank you,
    Schuby

    ReplyDelete
  25. Hi Schuby,

    I think it's strange to know that your settings are working but it's still cannot capture anything.

    Do you mind tell me more about the physical settings? like, capturing with laptop and use phone to login into facebook using the same wireless AP and no encryption, tunnel or anything.

    ReplyDelete
  26. Hi ptantiku,

    Thanks for the quick reply. I run Ubuntu 10.10 32bit on my Acer Aspire 5570 laptop. I'm using a DWA-652 802.11bgn PCMCIA card (Atheros AR5416 chipset)(wlan1). I'm connected to a DIR-655 wireless router through 802.11N with WPA2 security. I ran "sudo airmon-ng start wlan1" and that created mon0 which iwconfig reports that it's in monitoring mode. I do have Firestarter installed but I have it "Stopped" right now. So anyways I go "sudo firefox", select mon0 as the interface and click "Start Capture" and then I log into facebook on my other laptop running 10.0464bit and on my Android phone and firesheep doesn't capture anything. Any ideas?

    Thanks,
    Schuby

    ReplyDelete
  27. So, the problem is from the wireless encryption. Since WPA,WPA2 is using different encryption per user session, you won't be able to sniff others' traffic. My suggestion, try it with wireless AP with Open or WEP protection. It should work.

    ReplyDelete
  28. Okay I will try that. Any reason why that diagnostic I tried with "firesheep-backend" didn't work? When I go to the ~/.mozilla... folder I see "firesheep-backend" but it's highlighted in red and when I try to --list-interfaces it says "command not found"

    I think it's really awesome that you support all the questions you've received on this post.
    Thank you

    ReplyDelete
  29. my bad on the command. The actual command is
    sudo ./firesheep-backend --fix-permissions
    This command will grant that program a superuser privilege, so anybody can run firesheep as root. You will notice the red highlight, or 's' permission-bit when you use ls -l
    But it doesn't matter much to me, if I use it, I always use sudo firefox anyway.

    LoL for the last sentence. I am not either developer/supporter for the tool, but I'd be happy to help you guys out because this is my blog after all. :)

    p.s. I have limited knowledge on Firesheep. I'd recommend to post the question on the developer site also. I think that will also show your support towards his goal on raising people's security-awareness.

    ReplyDelete
  30. Okay so I'm on an open network, I've enabled mon0 and it shows up under Firestarter and is showing constant activity which leads me to believe that it's collecting the packets on the network. The firewall is DISABLED.

    So I go "sudo firefox" select mon0 as my interface and click "Start Capturing" and still nothing. It's a fairly busy coffee shop and I even connected to facebook on my Android phone which is connected to the open network and still nothing.

    Any ideas?
    I really wanna get this working because I have a bunch of friends who go on facebook a lot in open wifi and I wanna show them how vulnerable it is. Although I'm starting to believe this isn't as easy a hack as it's believed.

    ReplyDelete
  31. Interesting. I just tried it again and it doesn't work anymore.

    After my little mod, it's working again.
    The problem is facebook is changing to use 'openid_p' instead of 'sid', to solve this just change it accordingly.

    it's the file named 'facebook.js' in
    ~/.mozilla/firefox/jjdjiquj.default/extensions/firesheep@codebutler.com/handlers (if you run firefox in using sudo, change the starting folder ~/ to /root/ )
    Then, modify the file by replacing 'sid' with 'openid_p' Save and Done.

    It should work now.

    ReplyDelete
  32. hey,

    I changed the facebook.js file both in root and my own account and still nothing :( Only now it won't even capture my facebook activity when I sign in on the same computer, where as before it did.

    Is it possible that Facebook uses a different login method on different servers?

    Any other ideas?

    Thanks.

    ReplyDelete
  33. 'openid_p' is wrong.
    the correct one is 'sct'.
    see my another post at http://blog.anidear.com/2011/01/updating-facebook-filter-in-firesheep.html

    ReplyDelete
  34. Hey ptantiku,

    Every time I try the command
    "./autogen.sh --with-xulrunner-sdk="/usr/lib/xulrunner-1.9.2.13" git submodule update --init

    this is what I get back

    Can't exec "libtoolize": No such file or directory at /usr/bin/autoreconf line 196.
    Use of uninitialized value in pattern match (m//) at /usr/bin/autoreconf line 196.
    autoreconf: Entering directory `.'
    autoreconf: configure.ac: not using Gettext
    autoreconf: running: aclocal --force -I .
    autoreconf: configure.ac: tracing
    autoreconf: configure.ac: not using Libtool
    autoreconf: running: /usr/bin/autoconf --force
    autoreconf: configure.ac: not using Autoheader
    autoreconf: running: automake --add-missing --copy --force-missing
    autoreconf: Leaving directory `.'
    configure: WARNING: you should use --build, --host, --target
    configure: WARNING: you should use --build, --host, --target
    configure: WARNING: you should use --build, --host, --target
    configure: error: unrecognized option: `--init'
    Try `./configure --help' for more information

    Can you please help?

    ReplyDelete
  35. since, it said "Can't exec libtoolize". I think install "libtool" would help. To install:
    sudo apt-get install libtool

    ReplyDelete
  36. HI FRIENDS MY NAME IS ALESSANDRO,THIS IS A GOOD TUTORIAL...BUT WHEN I OPEN PREFERENCES IN FIRESHEEP I HAVE THIS PROBLEM :

    SyntaxXerror:JSON.parse and i can't select interfaces.

    How can I resolve?have you any idea?
    ThX a lot :)

    ReplyDelete
  37. Possibly, there is something error in the source code. Maybe, try download the code again in a next day.

    ReplyDelete
  38. hi ptantiku,can be possible that there is a uncompatibility with firefox 3.6?i haven't resolve problem!!!
    alessandro

    ReplyDelete
  39. I just did it yesterday, on Firefox 3.6.10 from Ubuntu Repo.

    ReplyDelete
  40. ptantiku i was using firesheep and sucess when i compile and using firesheep but it doesnt work just capture session in my computer ... so what i must to do ?? any suggest??

    ReplyDelete
  41. please read the comments first. I think the answer in your question would be here somewhere.

    if not, please provide more specific detail about your problem. What have you done and what are you using, wlan card/wlan encryption/etc ?

    ReplyDelete
  42. i have problem using fireship ., when i using in wireless public no password it working well but when i using in wep key its absoulutely not working ... i read can work in wep key ..can you give me suggest or something like that ??

    i use ubuntu 10.04 and my wlancard is Atheros Communications Inc. AR5001 Wireless Network Adapter

    ReplyDelete
  43. Could you tell me what version of Firefox you're using? Since Firesheep isn't compatible with FF 4 I've been using a method from the Ubuntu documentation: https://help.ubuntu.com/community/FirefoxNewVersion/MozillaBuilds -- to install a FF 3.6.1 alongside FF4 so I can try and get Firesheep working, but I'm wondering what what you recommend.

    ReplyDelete
  44. I think FF 3.6.XX works well with Firesheep. I've tried the latest(3.6.10) after FF 4 was out and it still works.

    One problem for those who use FF4 is Firefox decided NOT TO unpack .xpi file anymore. That's why the capturing program packed inside .xpi remains inside and could not be run by Firesheep. I think the workaround for FF4 is manually extracting .xpi file out in the Firesheep directory(after install) and it should work (although I haven't tried it yet).

    One common problem for people who can run Firesheep, but it captures nothing. The problem causes by Facebook's cookie names are changed. Read my other post here (http://blog.anidear.com/2011/01/updating-facebook-filter-in-firesheep.html) to learn how to find those cookie names and how to update Firesheep's filter accordingly.

    And a final word for this post, I'd like to thank everyone for reading/commenting/sharing this post. I may not answer you guys about Firesheep anymore. since I am not a developer of this project, I recommend anyone who experiences any problem to go to official website here (https://github.com/codebutler/firesheep/issues)

    I just want to donate my time to learn a new thing. If anyone wants me to blog on any other stuff, your suggestions are welcomed.

    ReplyDelete
  45. BTW, Anidear and Ptantiku are both my accounts, just so you know.

    ReplyDelete
  46. Hi , how are you .. i downloaded the firesheep and when i press Start Capturing ” Backend exited with error 1. ” you said ignore this error . but actually i am still trying but it doesn’t work .. i am working on my wifi at home and i really need this firesheep .. please help me

    ReplyDelete
  47. I think I didn't say ignore that error. Firesheep needs the backend program to be running all the time during the capture process.

    ReplyDelete