A Firefox extension that was designed to demonstrate the serious issue of HTTP session hijacking (sidejacking). Many websites allow its users to submit a username and password on-site, and then after checking for matching account information, the server replies back with a cookie that will be used by your Web browser for all subsequent requests. The cookie in this scenario is vulnerable to HTTP session hijacking. The Firesheep Firefox extension is designed to illustrate how easy this sensitive information can be sidejacked and to encourage website owners to offer more secure login-ins, such as full end-to-end encryption (HTTPS or SSL).
Firesheep was designed by Eric Butler, a freelance web application and software developer in Seattle, WA.
See also “10 Ways to Protect Yourself from Firesheep Attacks” on eSecurityPlanet.
