I downloaded it just to check it out, since the concept (showing that many websites need to go to SSL) was pretty cool. I was wondering, however, what the filter was and how does tcp port 80 differ from anything else.
Asked
Active
Viewed 1,050 times
0
tekknolagi
- 1,420
1 Answers
3
TCP port 80 is the port you send HTTP requests to on a webserver. This is as opposed to TCP port 443, which is used to carry HTTPS (SSL-encrypted) traffic. Because SSL-encrypted traffic is encrypted using a key that only the webserver posesses, you cannot easily determine the contents of requests going to a server on port 443, in most cases. on port 80, though, traffic is being sent in plaintext (easily readable), so it's trivial to see what's in the requests, even if they're someone elses. All websites that require you to sign in should be taking advantage of SSL, unfortunately many aren't.
As far as filters, firesheep starts off by capturing every single packet that travels across the network. Once it's done that it needs to find out what packets are interesting. This is the filtering process. Although I don't know how Firesheep actually works, it probably starts out by looking for requests to websites it's familiar with (e.g. facebook), and it then looks for requests that look like a login attempt. It knows the format of the facebook login form, so it can just pull out the 'username' and 'password' fields from the packet.
jcrawfordor
- 16,449