
Prevent the detection of firesheep by other tools

Open onuisx opened this issue 14 years ago • 0 comments

If someone queries a fake access to a site that Firesheep handles and listens back on the channel for an access with that credential, they can be sure that Firesheep is running on the network. This is because Firesheep creates an active connection to retrieve the user identity. To avoid the detection, you should be able to put Firesheep in "listening only" mode and later be able to access the profile information (name and picture).

For example, Firesheep could have an option for "listening only". When it captures a session, it should show a generic picture/name for a captured login/password (e.g. Facebook User, Amazon user, etc.). Right-clicking on that name could have the option to find who the user is. Firesheep could also have a "Find all" option to retrieve all identities.

The right way to detect the user identity is not to query anything but to sniff the data from the network in the HTTP session. That complicates the sniffer a little.

Firesheep should also have a warning when the user clicks on the unidentified user. Something like "This action can reveal your identity to a smart sysadmin listening. Do you want to proceed? Yes/No"

onuisx, Feb 16 '11 22:02
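The detection approach this issue describes, seen from the monitoring side, as an added example that is not part of the original issue or of Firesheep's code: a monitor plants a fake session cookie and flags any request that presents it from a different host. The hostnames, IP addresses, cookie names and request records below are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    ts: float    # seconds since the capture started
    src: str     # source IP as seen on the monitored segment
    host: str    # HTTP Host header
    cookie: str  # raw Cookie header


def parse_cookies(header):
    """Split a Cookie header into a name -> value dict, tolerating stray whitespace."""
    jar = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            jar[name] = value
    return jar


def find_replays(requests, canaries):
    """canaries maps (host, cookie_name, value) -> IP that planted the fake session.
    Returns one alert tuple per request presenting a canary from any other IP."""
    alerts = []
    for req in sorted(requests, key=lambda r: r.ts):
        for name, value in parse_cookies(req.cookie).items():
            planter = canaries.get((req.host.lower(), name, value))
            if planter is not None and req.src != planter:
                alerts.append((req.ts, req.src, req.host, name))
    return alerts


# Constructed sample: 10.0.0.5 is the monitor that planted the canary.
CANARIES = {("social.example", "session_id", "CANARY-7f3a"): "10.0.0.5"}
SAMPLE = [
    Request(0.0, "10.0.0.5", "social.example", "session_id=CANARY-7f3a; lang=en"),
    Request(0.4, "10.0.0.23", "social.example", "lang=en;session_id=CANARY-7f3a"),
    Request(0.9, "10.0.0.31", "social.example", "session_id=real-user-1"),
    Request(1.2, "10.0.0.5", "social.example", "session_id=CANARY-7f3a"),
]

if __name__ == "__main__":
    for ts, src, host, name in find_replays(SAMPLE, CANARIES):
        print(f"{ts:.1f}s: canary {name} for {host} replayed from {src}")
```

The comparison by source IP assumes the monitor observes traffic on the local segment; seen from the far side of a NAT, the planter and the replaying host would share one address.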