Interception of user accounts in Wi-Fi networks with Android

The network began to appear information about the sniffer under any standard smartphone or tablet on Android (from 2.1), allowing you to go under someone else’s accounts on many websites, including Facebook and Vkontakte, in public Wi-Fi networks.
It's about the DroidSheep program.
Let's talk about the mechanism of its work and use in more detail.

So what does the program do?

It intercepts packets that go to a Wi-Fi network with one click on an Android device.

And where are the passwords?

Suppose a certain Innocent went into a cafe to have a cup of coffee and climb on Facebook. You launch DroidSheep and after a while start browsing the Innocentia Facebook page. Watch his friends. Read his posts. Write messages. Write on the wall. Delete friends. Delete Innocent's account ... Even without knowing him personally.

How did this happen?

When Innocent uses a Wi-Fi network, his laptop or smartphone sends all data destined for Facebook over the air to the cafe's wireless router. "By air" in our case means "visible by all", you can read all the data transmitted by Innocent. Since some data is encrypted before being sent, you cannot read the password from Facebook, but so that Innocent did not enter his password after each click, Facebook sends Innocent a so-called “session identifier” after logging in, which Innocent sends to the site when interacting with it. As a rule, only Innokenty knows this identifier, since he gets it in encrypted form. But when he uses Wi-Fi in a cafe, he distributes his session ID via wi-fi to everyone. You accept this session ID and use it: facebook cannot determine if Innocent and you are using the same ID.
')
DroidSheep makes this mechanism easy to use, you just need to start DroidSheep, click Start and wait for someone to start using one of the supported websites. "Jump" in someone else's session can be only one click on the screen. That's all.

What you need to run DroidSheep?

- Android device version older than 2.1
- Root access
- DroidSheep (QR code and download link at the end of the article)

What sites does DroidSheep support by default?

- Amazon.com
- Facebook.com
- Flickr.com
- Twitter.com
- Linkedin.com
- yahoo.com
- Live.com
- google.com (unencrypted)

But there is also a “common” mode! Just turn it on, and DroidSheep will capture all accounts in the network! Successfully tested with a huge number of already supported accounts and many others (even with WordPress and Joomla should work!)

Password-protected Wi-Fi networks

For protected WPA / WPA2 Wi-Fi networks, the program uses DNS-Spoofing attacks.
ARP-Spoofing means that it makes all devices on the network think that the DroidSheep is a router, and passes all data through itself. This can have a significant effect on network speed, so use with caution.

So how to use?

Before starting, make sure that your phone supports root, without it the program will not work!

Installation:
From the author's site - http://droidsheep.de/?page_id=23
Or by QR code -

Using:

Make sure your phone is connected to a WiFi network, launch DroidSheep and click the “Start” button. Now DroidSheep will listen to the sessions. As soon as he intercepted the session marker, he will show it as an entry in the list.

By default, DroidSheep intercepts accounts of only those services that it knows (Facebook, Yahoo, Google, ...). If you want all accounts on the network to be intercepted, turn on "Shared mode" - just click the "menu" button on your phone and click on "Enable Generic mode".
Note: In Generic mode, DroidSheep captures all sets of cookies on the network, but many of them do not belong to the account, and therefore will not allow you to log into someone else's account, but will simply appear in the program in the list.

If you intercepted walking on several sites, you will see a list like in the picture. The accounts defined by DroidSheep are by default colored in green, captured in general mode - in yellow.

In the general mode, you will also see sites that you do not need, such as advertising, you can add them to the black list, so as not to see them in the program. To clear the entire black list, go to the main menu, click the menu and select “clear black list”.

That's all!
How to use the program (video): droidsheep.de/?page_id=14

And the last.
Quickly everyone raised their hands and said: “I swear that I will use the program only to study the operation of network protocols”

PS From the Market, you can download the “defender” from DroidSheep DroidSheepGuard - market.android.com/details?id=de.trier.infsec.koch.droidsheep.guard.free