A Firefox extension that demonstrates HTTP session hijacking attacks.
Created by:
- Eric Butler eric@codebutler.com
Contributors:
- Ian Gallagher crash@neg9.org
- Michajlo Matijkiw michajlo.matijkiw@gmail.com
- Nick Kossifidis mickflemm@gmail.com
Start by grabbing the code using Git. If you're planning to contribute, fork the project on GitHub.
$ git clone https://github.com/codebutler/firesheep.git
$ git submodule update --init
See instructions for your platform below. When done, an xpi will be created inside the build
directory. Load the extension into Firefox by dragging it into the Addons dialog.
- Install boost using Homebrew (
brew install boost
). - Download and extract the Mozilla SDK. You'll probably want the i386 Gecko 1.9.2 download.
- Run autogen, specifying the path where you extracted the Mozilla SDK to (
./autogen.sh --with-xulrunner-sdk=/path/to/sdk
). - Run
make
!
If you're using 10.6 (Snow Leopard) and xpidl complains about libIDL, copy everything in contrib/osx/ to ~/lib/.
- Install build dependencies (
sudo apt-get install autoconf libtool libpcap-dev libboost-all-dev libhal-dev xulrunner-1.9.2-dev
). - Run
./autogen.sh
thenmake
.
This has so far only been tested on Windows XP (32-bit), however the binaries work fine on Windows 7 too. If you can help simplify this process please let me know.
- You'll need Microsoft Visual Studio 2005. The express edition should work too, but this hasn't been tested. Newer versions of Visual Studio should also work, but the Makefiles might need a bit of tweaking. Patches in this area greatly appreciated.
- Install Cygwin, selecting the following packages:
automake-1.11
,gcc-g++
. - Install BoostPro. Choose Visual C++ 8.0 and Multithreaded debug, static runtime.
- Install WinPcap.
- Download and extract the Mozilla SDK (Gecko 1.9.2).
- From a Cygwin command prompt: Run autogen, specifying the path where you extracted the Mozilla SDK to (
./autogen.sh --with-xulrunner-sdk=/path/to/sdk
) then runmake
!