Blacksheep: Firesheep Protection

Several days after the release of the controversial Firefox extension Firesheep, hacker wannabes can now automate HTTP session hijacking on an unencrypted wireless network. Many people have come up with different protections, such as forced HTTPS and VPNs. In addition to these options, a new Firefox plugin called Blacksheep has been released by Zscaler security to counter Firesheep.

Blacksheep detects Firesheep by tricking the hacker with a fake cookie. In turn, Blacksheep alerts the user when someone is using Firesheep on the network. It displays the IP address of the hacker and serves as a warning as well. Note that Blacksheep and Firesheep share the same codebase, so you can’t run them simultaneously in the same Firefox session. You can’t play the bad guy and the good guy at the same time. :)
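The fake-cookie idea described above, as an added example that is not Blacksheep's own code: a monitor issues a random bait session value and flags any other source IP that later sends it. The `Request` record, the class and function names, and the addresses are assumptions constructed for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    """One HTTP request seen on the local network (hypothetical record)."""
    src_ip: str
    host: str
    cookie_header: str

def parse_cookies(header):
    """Split a Cookie header into {name: value}, skipping malformed parts."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies

class CanaryMonitor:
    """Issues fake session values and flags other hosts that replay them."""
    def __init__(self, own_ip):
        self.own_ip = own_ip
        self.canaries = {}  # bait value -> host it was issued for

    def issue(self, host):
        """Create a random bait value that no real session ever uses."""
        token = secrets.token_hex(16)
        self.canaries[token] = host
        return token

    def check(self, req):
        """Return an alert dict if req replays a bait value, else None."""
        if req.src_ip == self.own_ip:
            return None  # our own bait request, not a replay
        for value in parse_cookies(req.cookie_header).values():
            if value in self.canaries:
                return {"ip": req.src_ip, "host": self.canaries[value]}
        return None

    def scan(self, requests):
        """Return the distinct source IPs that replayed a bait value."""
        return sorted({a["ip"] for a in map(self.check, requests) if a})

if __name__ == "__main__":
    mon = CanaryMonitor(own_ip="192.168.1.10")  # constructed addresses
    bait = mon.issue("example.test")
    seen = [Request("192.168.1.10", "example.test", f"sid={bait}"),
            Request("192.168.1.23", "example.test", f"lang=en; sid={bait}")]
    print(mon.scan(seen))
```

Because the bait value is random and never belongs to a real session, any request carrying it from another address means that address captured the cookie off the wire and reused it.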

So far, everything about Blacksheep sounds convenient and helpful, but as mentioned in PCMag, it is not the best protection against HTTP session hijacking. There are other sidejacking and hijacking tools out there; Blacksheep is specifically tailored for Firesheep, so it still leaves you helpless against other unencrypted wireless network exploits.

The best solution is to not use unencrypted Wi-Fi at all. If you are stubborn, at least use a VPN to encrypt the traffic. Consider yourself warned. Prevention is always better than cure. Protect yourself.

