PinoyShare
Admin

[android app] hack someone's account who is connected to the same wifi

on Fri Apr 15, 2016 11:48 pm
DroidSheep


Download Here




What is this about?
If you know Firesheep or Faceniff, you probably know what this is about – open-source one-click session hijacking using your Android smartphone or tablet computer.

If you do not know one of these tools, I’ll try to explain what DroidSheep is.

Maybe you know Bob. Bob is a well-known person and Bob loves coffee. Every morning, he takes his laptop and visits one of the famous green coffee bars, has a “grande vanilla latte” and writes messages to his Facebook friends. For doing that, Bob uses the coffee bar's WiFi – because it's free and fast.

One morning, while Bob is just writing a message to his girlfriend, Eve enters the coffee bar. Eve has an Android phone and Eve uses DroidSheep. After ordering a “venti caramel macchiato”, Eve sits down, takes her phone and starts browsing Facebook. Using Bob's identity. She can look at his friends. Read his messages. Write messages. Write wall posts. Remove friends. Delete Bob's account. Without ever getting in touch with Bob.

What happened?

When Bob is using the WiFi, his laptop sends all the data intended to be received by Facebook over the air to the coffee bar's wireless router. As “over the air” means “capturable by everybody”, Eve (or her phone) can read all the data sent by Bob. As some data is encrypted before being sent, she cannot read Bob's Facebook password, but in order not to make Bob enter his password after each click, Facebook sends Bob a so-called “session id” after logging in, which Bob sends with each interaction, making it possible for Facebook to identify Bob. Usually only Bob knows this id, as he receives it encrypted. But when Bob uses the coffee bar's WiFi, he spreads his session id over the air to everybody. So Eve takes this session id and uses it as hers – and Facebook cannot determine whether Bob or Eve uses this id.

DroidSheep demonstrates how easy an attack like this can be – just start DroidSheep, click the START button and wait until someone uses one of the supported websites. Jumping on his session simply needs one more click. That's it.

Although DroidSheep is not made for doing such attacks, anyone can test and ensure that it really works. For the ones who are interested in how this works, the source code is publicly available (see download section).

DroidSheep is NOT INTENDED TO STEAL IDENTITIES.
It shall show the weak security properties of big websites.
Please be always aware of what you’re doing.
I AM NOT RESPONSIBLE FOR ANY DAMAGES THAT HAPPEN BY USING THIS SOFTWARE!

NOTE: The application only works on rooted Android phone models.

Reference:
Koch, Andreas (n.d.). DroidSheep. Retrieved July 24, 2015 from http://droidsheep.de/
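The weakness described in the post is a session id that crosses the network in cleartext after an encrypted login. As an added example (not part of the original post or of DroidSheep), the check below audits a site's response headers for session cookies that a browser would still send over plain HTTP; the header values and the cookie name `session_id` are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample responses (not captured traffic); cookie names are made up.
WEAK_RESPONSE = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]
HARDENED_RESPONSE = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]

# Assumption: cookies with these names carry the login session.
SESSION_COOKIE_NAMES = {"session_id"}


def audit_session_cookies(headers, session_names=SESSION_COOKIE_NAMES):
    """Return findings for session cookies that can leave the browser unencrypted."""
    findings = []
    has_hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            if cookie_name not in session_names:
                continue  # non-session cookies are out of scope for this check
            if not morsel["secure"]:
                # Without Secure the browser attaches the cookie to http:// requests,
                # which anyone on the same open WiFi can read.
                findings.append(f"{cookie_name}: missing Secure attribute")
    if not has_hsts:
        # Without HSTS a first request to http:// is still possible.
        findings.append("response lacks Strict-Transport-Security")
    return findings


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_session_cookies(resp))
```

A site that serves every page over HTTPS, marks its session cookie `Secure`, and sends HSTS gives a passive listener on the same network no session id to reuse.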