Question

I presume there is a bug in Firesheep which FireShepard exploits.
The responsible line might be in that weird string in the cookie value for Facebook.

fireshepard source
firesheep source


Answer

Just ran both FireShepard and FireSheep; that "weird string" causes a syntax error while parsing the JSON result for the mock Facebook cookie because the input is not properly escaped.

See Issue 88.

It looks like the specific place it is failing is in FiresheepWorker.js in this portion of the code:

    /* Read stdout until process exits */
    var line;
    while (line = process.ReadOutputLine()) {
      var packet = JSON.parse(line);
      this._processPacket(packet);
    }

    /* Read any errors */
    var errors = [];
    while (line = process.ReadErrorLine()) {
      errors.push(line);
    }

Here is the Cookie value from the FireShepard source for reference:

"Cookie: lsd=spsse; c_user=666660000; sct=01010101; sid=0; xs=3randomhashyes666666666; asdf=??????????????!!!!!!!!!!!!!!!!!!!!%•eëÒˆY¼¥­Áøþh¡F4£A€ º¦SÍÂÝåt¹Òv5þhèŸË&%%¥Ô$FsnÄ‹xÏÏvVfi6ƒÊìÈ_7νçÜQlXËFÿë~~½¹ùÉÛ,÷7¬ùüyóÇ>hº_ošŸ¿ÄGÜ5¼yy{ÃZÆ|øË,þÊjo¬´­W¢y¹¹y5ù|Êmk¤P“Ãt¦[%´Ô“û)7­°f²›ÎDk¹0vò€_ykW“ÛÝ=þ‹ËV©&«þ×åtfç­ðÔS{/Z9Yàé½n­lãï¬ÅÇÛåô/u#8“´Ã—¯±šÿìÇúyøëO^ˆn73®¥“Њ·LÄÏ1MKºGGÖ: Íìd3MÇiñ_õ{[Ïs§‡0gÂë´ ž»°n~)ºù…áF7ÂKÙzG_O~9}ùöÆ1XÓ™4ÀwSA»Ó<Ø®ûu…ß“™×SÕ2ãŸ,¦®åÒ11ÙçN‡Ý|—×ÿI·Íâœa˜ŠÃÞgtçÓ´Áeþm?å¢0Éb:K“RÛv:KÓ¯º£øìåÍïoð¡nþtÃ-Ó€@có­tͦo±Íúæó³L+>… 5- ÃÒX&bð³lˆ[ $¯DZJ\r\n\r\n"; request+="\r\n";
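The failure mode described in the answer, and two ways to harden against it, as an added example that is not part of the original post or of Firesheep's code. The function names (`naiveLine`, `safeLine`, `readPackets`), the host name and the sample cookie are all constructed for illustration; how the real backend builds its output lines is an assumption here.

```javascript
// Constructed sample: a cookie value containing a quote, raw control bytes and
// a backslash, standing in for the unescaped "weird string" discussed above.
const hostileCookie = 'asdf=??!!%"\u0001\u0013\\';

// Hypothetical producer that splices the captured value between quotes
// without escaping it, which is the defect the answer describes.
function naiveLine(cookie) {
  return '{"host":"example.test","cookie":"' + cookie + '"}';
}

// Producer-side fix: let a JSON serializer escape quotes, backslashes
// and control characters in the captured value.
function safeLine(cookie) {
  return JSON.stringify({ host: 'example.test', cookie: cookie });
}

// Consumer-side fix: parse each line on its own, so one malformed line is
// recorded and skipped instead of throwing out of the read loop.
function readPackets(lines) {
  const packets = [];
  const rejected = [];
  for (const line of lines) {
    try {
      const packet = JSON.parse(line);
      if (packet === null || typeof packet !== 'object') {
        throw new TypeError('packet is not an object');
      }
      packets.push(packet);
    } catch (err) {
      // Keep only metadata; the raw line is untrusted network input.
      rejected.push({ length: line.length, reason: err.name });
    }
  }
  return { packets, rejected };
}

const result = readPackets([
  naiveLine('sid=0'),        // benign value: parses even without escaping
  naiveLine(hostileCookie),  // unescaped hostile value: rejected, loop continues
  safeLine(hostileCookie),   // escaped hostile value: parses and round-trips
]);
console.log(result.packets.length, result.rejected);
```

With the unguarded loop from `FiresheepWorker.js`, the second line would throw out of the `while` and the third would never be processed.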

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow