
[ANDROID] Session Hi-Jacking

How to hi-jack another Facebook user's session nearby?

For educational purposes only.


What is session hi-jacking?
It is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system.



What applications can be used to do this?
One of them is DroidSheep. DroidSheep is an easy-to-use session hi-jacking tool for Android devices running version 2.2 and above.

Which pages does DroidSheep support?
DroidSheep supports nearly all websites that use cookies!
If you want to see all cookies and capture more accounts, enable generic mode. If generic mode is disabled, you'll only see the profiles DroidSheep recognizes, but there may be more on the air.
With generic mode enabled, DroidSheep will capture all cookies in the network! This means any account without HTTPS is at risk.
Successfully tested with ALL already supported accounts and a lot of other ones.

Limitations
DroidSheep now supports OPEN, WEP, WPA and WPA2 secured networks.
For WPA/WPA2 it uses a DNS-Spoofing attack.
DNS-Spoofing means it makes all devices within the network think the DroidSheep device is the router, so they send their data to that device. This might have an impact on the network and cause connection problems or bandwidth limitations, and it can be spotted. DroidSheep's attack cannot be spotted, as it only reads the packets sent over the WiFi, but instead of dismissing them, it uses the data.

How does this work?
When you use web applications, they usually require you to enter your credentials in order to verify your identity. To avoid entering the credentials for every action you perform, most web applications use sessions, so you only need to log in once. A session is identified by a session token, which is in the possession of the user and is sent with every subsequent request inside the HTTP packets.
DroidSheep reads all the packets sent via the wireless network and captures this session token, which allows you to use this session token as yours and make the web application think you are the person identified by this token. There is no possibility for the server to determine if you're the correct person or not.
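
Seen from the defending side, the condition described above (a session token travelling inside cleartext HTTP) can be checked for on each response a site sends. The Python sketch below is an added example, not part of the original post or of DroidSheep; the URLs, cookie names and header values are constructed samples.

```python
from typing import Dict, List, Tuple

def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie value into (cookie name, lowercased attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_response(url: str, headers: List[Tuple[str, str]]) -> List[str]:
    """Return findings for one HTTP response given as (header name, value) pairs."""
    findings: List[str] = []
    https = url.lower().startswith("https://")
    header_names = {k.lower() for k, _ in headers}
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not https:
            # Token is issued in cleartext: anyone reading the WiFi sees it.
            findings.append(f"{name}: set over plain HTTP, readable on the wire")
        elif "secure" not in attrs:
            # Without Secure the browser also attaches the cookie to http:// requests.
            findings.append(f"{name}: missing Secure, also sent over plain HTTP")
    if https and "strict-transport-security" not in header_names:
        findings.append("no Strict-Transport-Security header, plain HTTP requests still possible")
    return findings

# Constructed sample responses (not captured traffic).
SAMPLES = {
    "http://shop.example/login": [("Set-Cookie", "PHPSESSID=abc123; Path=/")],
    "https://weak.example/login": [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")],
    "https://good.example/login": [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ],
}

if __name__ == "__main__":
    for url, hdrs in SAMPLES.items():
        for finding in audit_response(url, hdrs) or ["ok"]:
            print(f"{url}: {finding}")
```
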

Where can I download DroidSheep?
You can download the .apk file HERE.



