The number one request I got was to support Linux. The good news is that it is now possible to run BlackSheep on Linux - though it does requires some work to setup.
Too Many Linux environments
The main challenge is that the back-end must be compiled on each possible environment: CPU (x86, x86_64), compiler (gcc 3, gcc 4), and also different versions of libpcap, etc. In the case of Firesheep and BlackSheep, it is not possible to deliver one add-on that would work on all Linux environment.
This means that each Linux user must compile their own version.
Requirements
To make your own Linux version of BlackSheep, you need:
- autoconf 2.61 or higher (autoconf -V)
- libpcap-devel with pcap-config
- xulrunner-sdk (or xulrunner-devel depending on the distribution)
- boost-devel
autoconf 2.61
CentOS provides autoconf 2.59, so a new version must be compiled from source:
wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.65.tar.gz tar xf autoconf-2.65.tar.gz cd autoconf-2.65 ./configure make sudo make install autoconf -V
If autoconf -V still shows the old version, modify your PATH:
export PATH=/usr/local/bin:$PATH
libpcap-devel
The version of libpcap-devel in CentOS is too old. A new one must be installed from source:
sudo yum install flex sudo yum install byacc wget http://www.tcpdump.org/release/libpcap-1.1.1.tar.gz tar -zxvf libpcap-1.1.1.tar.gz cd libpcap-1.1.1/ ./configure make sudo make install
boost-devel
sudo yum install boost-devel
Back-end from Firesheep
Then, you need to compile the Firesheep-backend. Get the source code for Firesheep for Linux:
sudo yum install git sudo yum install xulrunner-devel git clone git://github.com/mickflemm/firesheep.git cd firesheep git submodule update --init ./autogen.sh --with-xulrunner-sdk=/usr/lib/xulrunner-sdk-1.9.2/ make
Note than xurlrunner could install in a different folder on your Linux box, for example in /usr/lib/xulrunner-devel-1.9.2.12
Check if the back-end works correctly. The directory might be slightly different
cd xpi/platform/Linux_x86-gcc3/ sudo ./firesheep-backend --fix-permissions ./firesheep-backend --list-interfaces
The last command might generate an error. However, this may not be an issue. To check if the packet capture works, try this (you may want to change eth0 to wlan0):
./firesheep-backend eth0 "tcp port 80"
In a different console, try this:
wget http://www.zscaler.com/
You should now this this in the first console:
./firesheep-backend eth0 "tcp port 80"
{"from":"10.10.100.109:37753","to":"72.249.144.174:80","method":"GET",
"path":"/","query":"","host":"www.zscaler.com","cookies":"",
"userAgent":"Wget/1.11.4 Red Hat modified"}Congratulations, you'll be able to run BlackSheep on your box.
Next, you need to include the new back-end in the BlackSheep plugin (1.3 or higher):
cd ~
wget http://www.zscaler.com/research/plugins/firefox/\
blacksheep/blacksheep-latest.xpi
mkdir blacksheep
unzip blacksheep-latest.xpi -d blacksheep/
cd blacksheep
cp -r ../firesheep/xpi/platform/* platform/Edit the file install.rdf Remove the following lines:
[em:targetPlatform];Darwin_x86-gcc3[/em:targetPlatform][em:targetPlatform]WINNT_x86-msvc[/em:targetPlatform]
or add your new platform:
[em:targetPlatform>Linux_x86-gcc3</em:targetPlatform] [em:targetPlatform]Linux_x86_64-gcc3[/em:targetPlatform]
You may also want to disable the updates to keep your custom, stable version. Remove this line, or modify the URL:
[em:updateURL]http://codebutler.github.com/firesheep/update.rdf[/em:updateURL]
You can now create the XPI file:
zip blacksheep-latest-linux.xpi -r *
Now, install BlackSheep. Restart your browser and open blacksheep/blacksheep-latest-linux.xpi.
There is one last step: the permissions must be fixed on firesheep-backend.
cd .mozilla/firefox/ygqde9s7.default/extensions/\
jsobrier\@zscaler.com/platform/Linux_x86-gcc3/
sudo ./firesheep-backend --fix-permissionsThe new version of BlackSheep contains Linux versions built on CentOS5 x86 and x86_64. If this does not work in your environment, follow the procedure above.
-- Julien
Posts
16 comments:
The backend compiles for me and dumps traffic as described, but it segfaults immediately when it sees IPv6 traffic.
Is this a known limitation at the moment?
Great work anyway :)
firesheep-backend, as it names suggest, comes straight from Firesheep. Could you open a bug with them: https://github.com/codebutler/firesheep/issues
About Ipv6 crash - In the mean time, you can exclude all Ipv^ traffic. Go to about:config, look for extensions.firesheepdetection.capture_filter and set it to " ip and tcp port 80". I;ll change the default value in the next release.
Is this intended to be used on mon0, or the network you're actually connected to?
Also: I don't get an "ok" button when I view the addon preferences. Is there a way to tell if it's actually working?
about mon0 - Choose whatever network interfaces is on: eth0 if is a wired connection, wlan0 for wireless, etc. mon0 is usually a virtual interfaces set up to monitor several physical interfaces. ifconfig will tell you which interface you should use.
"ok" button - Indeed, no OK button. if you want to see how BlackSheep is working, you can check the error console. if you want to double check which interface is selected,enter about:config in the address bar and look for extensions.firesheepdetection.capture_interface
Why does it need root permissions to run?
firesheep-backend listens to network interfaces, which requires root access. Once you runce firesheep-backed --fix-permissions, you do not need root access anymore
Hi !
Does CentOS the same architecute as Ubuntu ? I mean, does the lastest work with ubuntu ? Is the compilation essential for Ubuntu ?
(I suspect the author compile it on CentOS just to avoid Ubuntu users =D
I'm kidding !)
About Ubuntu. You can try version 1.5. If it works on Ubuntu (i.e. firesheep-backend executes fine), then you're good. But if you have different library versions, a different gcc, etc. you will have to compile your own version.
I was able to compile it in ubuntu 10.10 64 bits. I install it perfectly. I run it and I get the Javascript Error "cc is not defined". I edit manually in about:config the interface and I now get the json_parse error :D
I tried the command line with the firesheep-backend and I'm able to capture via the command line, but on the list of interfaces I got an error, that I think that make unusable the xpi.
@Raul DO you have version 1.5? In this version, I show a list of common interfaces (eth0, wlan0, mon0) on Linux in case I cannot get the list of interfaces from Firesheep-Backend. This is the case on my CentOS, but the plugin still works fine for me.
Hi, on Ubuntu 10.10 64bit I get to the make command and I receive the following errors. Is it due to one specific missing library (maybe some sub-part of xulrunner?):
$ make
Making all in mozpopen
make[1]: se ingresa al directorio «/tmp/firesheep/mozpopen»
mkdir -p ../xpi/platform/Linux_x86_64-gcc3/components
g++ -shared -fno-rtti -fPIC MozPopenModule.cpp unix/MozPopenProcess.cpp -g -O2 -I ../mozpopen -I ../mozpopen/unix -mtune=generic -m64 -fshort-wchar -I/usr/include/xulrunner-2.0b9pre -L/usr/lib/xulrunner-devel-2.0b9pre/lib -lxpcomglue_s -lxul -lxpcom -lmozalloc -lplds4 -lplc4 -lnspr4 -lpthread -ldl -o ../xpi/platform/Linux_x86_64-gcc3/components/MozPopen.so
MozPopenModule.cpp:24: fatal error: nsIGenericFactory.h: No existe el fichero o el directorio
compilation terminated.
In file included from /usr/include/xulrunner-2.0b9pre/nscore.h:50,
from /usr/include/xulrunner-2.0b9pre/nsXPCOMStrings.h:42,
from /usr/include/xulrunner-2.0b9pre/nsStringAPI.h:53,
from unix/MozPopenProcess.cpp:24:
/usr/include/xulrunner-2.0b9pre/mozilla/mozalloc.h:109: error: expected initializer before ‘NS_ATTR_MALLOC’
[...and a series of other NS_ATTR_MALLOC errors follow...]
Just in case it would be obvious for you.
Hi, I successfully installed firesheep and blacksheep in my Fedora 14. My network interfaces are 'eth0' and 'lo'.
In my own understanding, this two plugins should not be both enabled in one firefox profile, right?
So, how can I test these two if it's actually working?
@Ryan
lo is your loopback interface, you will not see anything interesting there.
eth0 is likely your ethernet (wired) interface. You will see your own traffic only, unless you;re plugged to a hub, so BlackSheep will not be able to see the traffic for someone using Firesheep on your wired network. However, if eth0 is indeed your wireless interface, choose this one.
Post a Comment