eric buthSolve Firesheeping (Sidejacking) with GlimmerBlocker
GlimmerBlocker is an absolutely essential piece of Mac software that gives you the ability to run a local proxy that can modify or block any web request or response on your machine. It’s billed as an adblocker, but another great use was made apparent today by the advent of Firesheep, a proof-of-concept tool that makes it easy to perpetrate sidejacking attacks and break into people’s Facebook accounts and whatnot.
The “simple” solution is to use HTTPS whenever you exchange cookes with these sites, but that’s easier said than done. That means every time you click a link, or run JavaScript on a page you have to check all the URLs, and even one mistake could cost you.
Enter GlimmerBlocker. In the glimmer blocker control panel, add a new rule that effects facebook.com (just an example).
Then click the “request” tab and add the following three lines of JavaScript.
if(!gb.request.url.indexOf('http://')){
gb.response.sendRedirect(gb.request.url.replace('http://', 'https://'));
}
So that it looks like this.
And that should do it. All of the requests are intercepted before they are sent to Facebook, so your cookies should be safe. There are also individual browser plugins to accomplish this task, but I greatly prefer GlimmerBlocker.