Why does fireshepard kill firesheep?

I presume there is a bug in the fi开发者_如何转开发resheep which fireshepard exploits.

The responsible line might be in that weird string in cookie value for facebook.

fireshepard source

firesheep source

---

Just ran both FireShepard and FireSheep, that "weird string" causes a syntax error while parsing the JSON result for the mock Facebook cookie because the input is not properly escaped.

see Issue 88

It looks like the specific place it is failing is in FiresheepWorker.js in this portion of the code:

/* Read stdout until process exits */
      var line;
      while (line = process.ReadOutputLine()) {
        var packet = JSON.parse(line);
        this._processPacket(packet);
      }

      /* Read any errors */
      var errors = [];
      while (line = process.ReadErrorLine()) {
        errors.push(line);
      }

Here is the Cookie value from Fireshepard source for reference :

"Cookie: lsd=spsse; c_user=666660000; sct=01010101; sid=0; xs=3randomhashyes666666666; asdf=??????????????!!!!!!!!!!!!!!!!!!!!%•eëÒˆY¼¥­Áøþh¡F4£A€ º¦SÍÂÝåt¹Òv5þhèŸË&%%¥Ô$FsnÄ‹xÏÏvVfi6ƒÊìÈ_7νçÜQlXËFÿë~~½¹ùÉÛ,÷7¬ùüyóÇ>hº_ošŸ¿ÄGÜ5¼yy{ÃZÆ|øË,þÊjo¬´­W¢y¹¹y5ù|Êmk¤P“Ãt¦[%´Ô“û)7­°f²›ÎDk¹0vò€_ykW“ÛÝ=þ‹ËV©&«þ×åtfç­ðÔS{/Z9Yàé½n­lãï¬ÅÇÛåô/u#8“´Ã—¯±šÿìÇúyøëO^ˆn73®¥“Њ·LÄÏ1MKºGGÖ: Íìd3MÇiñ_õ{[Ïs§‡0gÂë´ ž»°n~)ºù…áF7ÂKÙzG_O~9}ùöÆ1XÓ™4ÀwSA»Ó<Ø®ûu…ß“™×SÕ2ãŸ,¦®åÒ11ÙçN‡Ý|—×ÿI·Íâœa˜ŠÃÞgtçÓ´Áeþm?å¢0Éb:K“RÛv:KÓ¯º£øìåÍïoð¡nþtÃ-Ó€@có­tͦo±Íúæó³L+>… 5- ÃÒX&bð³lˆ[ $¯DZJ\r\n\r\n"; request+="\r\n";