Here's a setting I made for getting Stack Overflow cookies. Please note that I don't even know how to write "leet" and I made this by just looking at other settings in Firesheep, and asking on Stack Overflow about how to traverse the page HTML to get the user name. If I create an open Wi-Fi network at home, sign out of Stack Overflow on one computer (with Firesheep running) and then look at a Stack Overflow page on another computer (which is already signed in) I can get access without the login.
I don't think it's a huge deal for Stack Overflow. The worst you can do is impersonate a user and call other people names. Even deletes can be rolled back. It's much more serious for Gmail. That said, I'd like to be able to see what IP addresses have accessed my account.
Using this plugin, I've noticed that it's hard to use Google search on an open Wi-Fi without exposing your Google cookie. Even going to https://google.com redirects you to the insecure site. Worse, Google seems to ping home, exposing your Gmail account (even without visiting gmail, even if you have the "always use https" set in Gmail). If you want to search securely, you can use HTTPS anywhere, but I found it very buggy.
I hope you don't think I'm being irresponsible for posting this. Don't forget, ANYONE CAN DO THIS. Look at how simple the code is. It took me very little time to create, and very little knowledge (copying the template from another setting, looking at cookie names in Firefox, some JavaScript help). I actually started thinking about this after seeing this question on Meta Stack Overflow and finding nothing under the Firesheep tag on Stack Overflow.
register({
name: 'Stack Overflow',
url: 'http://stackoverflow.com/',
domains: [ 'stackoverflow.com' ],
sessionCookieNames: [ 'usr', '__utmz', '__utma' , '__qca' ],
identifyUser: function () {
var resp = this.httpGet(this.siteUrl);
this.userName = resp.body.querySelectorAll('a')[3].textContent;
}
});
