BlackSheep uses compiled code to listen to HTTP traffic. These executables come straight from Firesheep. Firesheep ships with executables for Windows And MacOSX 10.5 (Intel) only, this is why the first release of BlackSheep supports these 2 platforms only.
The number one request I got was to support Linux. The good news is that it is now possible to run BlackSheep on Linux - though it does requires some work to setup.
Too Many Linux environments
The main challenge is that the back-end must be compiled on each possible environment: CPU (x86, x86_64), compiler (gcc 3, gcc 4), and also different versions of libpcap, etc. In the case of Firesheep and BlackSheep, it is not possible to deliver one add-on that would work on all Linux environment.
This means that each Linux user must compile their own version.
Requirements
To make your own Linux version of BlackSheep, you need:
- autoconf 2.61 or higher (autoconf -V)
- libpcap-devel with pcap-config
- xulrunner-sdk (or xulrunner-devel depending on the distribution)
- boost-devel
Here is how to proceed on CentOS.
autoconf 2.61
CentOS provides autoconf 2.59, so a new version must be compiled from source:
wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.65.tar.gz tar xf autoconf-2.65.tar.gz cd autoconf-2.65 ./configure make sudo make install autoconf -V
If autoconf -V still shows the old version, modify your PATH:
export PATH=/usr/local/bin:$PATH
libpcap-devel
The version of libpcap-devel in CentOS is too old. A new one must be installed from source:
sudo yum install flex sudo yum install byacc wget http://www.tcpdump.org/release/libpcap-1.1.1.tar.gz tar -zxvf libpcap-1.1.1.tar.gz cd libpcap-1.1.1/ ./configure make sudo make install
boost-devel
sudo yum install boost-devel
Back-end from Firesheep
Then, you need to compile the Firesheep-backend. Get the source code for Firesheep for Linux:
sudo yum install git sudo yum install xulrunner-devel git clone git://github.com/mickflemm/firesheep.git cd firesheep git submodule update --init ./autogen.sh --with-xulrunner-sdk=/usr/lib/xulrunner-sdk-1.9.2/ make
Note than xurlrunner could install in a different folder on your Linux box, for example in /usr/lib/xulrunner-devel-1.9.2.12
Check if the back-end works correctly. The directory might be slightly different
cd xpi/platform/Linux_x86-gcc3/ sudo ./firesheep-backend --fix-permissions ./firesheep-backend --list-interfaces
The last command might generate an error. However, this may not be an issue. To check if the packet capture works, try this (you may want to change eth0 to wlan0):
./firesheep-backend eth0 "tcp port 80"
In a different console, try this
wget https://www.zscaler.com/
You should now this this in the first console
./firesheep-backend eth0 "tcp port 80" {"from":"10.10.100.109:37753","to":"72.249.144.174:80","method":"GET", "path":"/","query":"","host":"www.zscaler.com","cookies":"", "userAgent":"Wget/1.11.4 Red Hat modified"}
Congratulations, you'll be able to run BlackSheep on your box.
Next, you need to include the new back-end in the BlackSheep plugin (1.3 or higher):
cd ~ wget https://www.zscaler.com/research/plugins/firefox/\ blacksheep/blacksheep-latest.xpi mkdir blacksheep unzip blacksheep-latest.xpi -d blacksheep/ cd blacksheep cp -r ../firesheep/xpi/platform/* platform/
Edit the file install.rdf Remove the following lines:
[em:targetPlatform];Darwin_x86-gcc3[/em:targetPlatform][em:targetPlatform]WINNT_x86-msvc[/em:targetPlatform]
or add your new platform:
[em:targetPlatform>Linux_x86-gcc3</em:targetPlatform] [em:targetPlatform]Linux_x86_64-gcc3[/em:targetPlatform]
You may also want to disable the updates to keep your custom, stable version. Remove this line, or modify the URL:
[em:updateURL]http://codebutler.github.com/firesheep/update.rdf[/em:updateURL]
You can now create the XPI file:
zip blacksheep-latest-linux.xpi -r *
Now, install BlackSheep. Restart your browser and open blacksheep/blacksheep-latest-linux.xpi.
There is one last step: the permissions must be fixed on firesheep-backend.
cd .mozilla/firefox/ygqde9s7.default/extensions/\ jsobrier\@zscaler.com/platform/Linux_x86-gcc3/ sudo ./firesheep-backend --fix-permissions
The new version of BlackSheep contains Linux versions built on CentOS5 x86 and x86_64. If this does not work in your environment, follow the procedure above.
-- Julien
