Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
WireSheep shows you each user on the network and all the HTTP requests they're making in a pretty News Feed, a la Facebook.
C++ C JavaScript Objective-C Other
branch: master
Failed to load latest commit information.
backend fixed readme formatting and patched things up to work with qt 4.8
firesheep-legacy more reorganizing
frontend Added back fireflock.qrc so project builds
qt
web Organized dirs. Added initial website (just a logo, for now, with som…
.gitignore Linking stuff up
README.md

README.md

WireSheep

by Feross Aboukhadijeh & John Hiesey & Daniel Posch & Nikil Viswanathan

Wireshark + Firesheep = WireSheep

WireSheep lets you sniff packets on an open WiFi network. Instead of just stealing login cookies, like Firesheep, it lets you see traffic in realtime, like Wireshark.

WireSheep shows you each user on the network and all the HTTP requests they're making.

Features

  • Extensible set of filters. The basic filter just shows the URL of each request, and you can click on it to see the page. The Youtube filter, for example, matches YT URLs and shows a mini embedded video. The Facebook filter looks for FB responses and sets the user name (eg "User 3" becomes "Dan Posch").

Current bugs

  • Doesn't handle packet reordering or resending.

Feature ideas

These are things we might implement soon.

  • "Follow mode": click on a username to follow just them. Get a big that shows whatever they&#39;re currently seeing.</li> <li>Firesheep&#39;s original functionality: allow filters (eg the FB filter) to scrape session cookies. Provide a list of hijackable sessions.</li> <li>Google filter: show each Google query a user enters.</li> <li>Hacker News filter: eg replace &quot;User 4&quot; with &quot;dcposch&quot;.</li> <li>More filters!</li> </ul> <h2>Architecture</h2> <p>Currently: C++/QT app, compiled together with a modified Firesheep backend (uses pcap / winpcap). The app creates a QWebFrame (embedded WebKit). The Qt part is just plumbing: it gets sniffed requests from Firesheep, sends them to the JS/HTML frontend as blobs of JSON. </p> <p>Future: same JS/HTML frontend. We&#39;ll run a local server (eg using Python&#39;s SimpleHTTPServer) for the backend. </p> <p>Advantages: simpler, removes dependency on Qt, cleaner builds. By separating the backend from the frontend, we could also spy on open networks without physically present--eg one laptop is sniffing packets and running the server, remote laptop connects to the server.</p> <h2>Build instructions</h2> <p>Go to the &#39;qt&#39; dir.</p> <blockquote> <p>cd qt</p> </blockquote> <p>On Mac OS X:</p> <blockquote> <p>qmake -spec macx-g++<br> make clean all<br> open fireflock.app</p> </blockquote> <p>On Linux/Unix:</p> <blockquote> <p>qmake<br> make clean all<br> ./fireflock</p> </blockquote> <p>On Windows:</p> <blockquote> <p>qmake<br> nmake clean all<br> debug\fireflock.exe</p> </blockquote>
Something went wrong with that request. Please try again.