Interception of user accounts in Wi-Fi networks with Android

    Information has begun to appear online about a sniffer for any rooted Android smartphone or tablet (from version 2.1) that lets its user log in to other people's accounts on many websites, including Facebook and Vkontakte, on public Wi-Fi networks.
    It's about the DroidSheep program.
    We will talk more about the mechanism of its operation and use.

    So what does the program actually do?


    It intercepts packets traveling on a Wi-Fi network with the click of a button on an Android device.

    What about passwords?


    Suppose a certain Innokenty walks into a cafe to drink a cup of coffee and browse Facebook. You launch DroidSheep and after a while you are viewing Innokenty's Facebook page. Look through his friends. Read his posts. Write messages. Write on the wall. Remove friends. Delete Innokenty's account ... without even knowing him personally.

    How did this happen?


    When Innokenty uses a Wi-Fi network, his laptop or smartphone sends all the data intended for Facebook over the air to the cafe's wireless router. “Over the air” in our case means “visible to everyone”: you can read all the data Innokenty transmits. Since some data is encrypted before sending, you won't be able to read his Facebook password. But so that Innokenty does not have to enter his password after every click, Facebook sends him a so-called “session identifier” after he logs in, and he sends it back to the site on every interaction. As a rule, only Innokenty knows this identifier, since he receives it in encrypted form. But when he uses the Wi-Fi in the cafe, he broadcasts his session identifier over Wi-Fi to everyone. You pick up this session identifier and use it.

    DroidSheep makes this mechanism easy to use: you just need to start DroidSheep, click "Start" and wait for someone to start using one of the supported websites. You can “jump” into someone else's session with just one click on the screen. That's all.

    What do I need to run DroidSheep?


    - An Android device running version 2.1 or later
    - Root access
    - DroidSheep (QR code and download link at the end of the article)

    What sites does DroidSheep support by default?


    - Amazon.com
    - Facebook.com
    - Flickr.com
    - Twitter.com
    - Linkedin.com
    - Yahoo.com
    - Live.com
    - Google.com (unencrypted)

    But there is also a “general” mode! Just turn it on, and DroidSheep will record all accounts on the network! It has been successfully tested with a huge number of already supported accounts and many others (even WordPress and Joomla should work!)

    Password-protected Wi-Fi networks


    For secure WPA / WPA2 Wi-Fi networks, the program uses DNS-spoofing attacks.
    ARP spoofing means that DroidSheep makes all devices on the network think that it is the router, and passes all their data through itself. This can have a significant effect on network speed, so use it with caution.
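
The effect of the ARP spoofing described above is visible from any client on the network: the router's IP address resolves to a MAC address that has changed or that another host also claims. The following check over an ARP table in the Linux/Android `/proc/net/arp` format is an added example, not code from DroidSheep or its author; the sample table, addresses and function names are constructed for illustration.

```python
"""Flag signs of ARP spoofing in a Linux/Android ARP table (/proc/net/arp format)."""
from collections import defaultdict

# Constructed sample: gateway 192.168.1.1 and host 192.168.1.57 claim the
# same MAC, which is what a spoofed gateway entry looks like on a client.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:57     *        wlan0
192.168.1.23     0x1         0x2         aa:bb:cc:00:00:23     *        wlan0
192.168.1.57     0x1         0x2         aa:bb:cc:00:00:57     *        wlan0
192.168.1.99     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; skip the header and incomplete rows."""
    entries = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2 and mac != "00:00:00:00:00:00":  # 0x2 = ATF_COM (resolved)
            entries[ip] = mac
    return entries

def check_arp(text, gateway_ip, baseline_gateway_mac=None):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    table = parse_arp_table(text)
    findings = []
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:  # gateway not resolved yet, nothing to compare
        return findings
    # 1) The gateway MAC differs from the one recorded on a trusted earlier visit.
    if baseline_gateway_mac and gw_mac != baseline_gateway_mac.lower():
        findings.append(f"gateway {gateway_ip} MAC changed: "
                        f"{baseline_gateway_mac.lower()} -> {gw_mac}")
    # 2) Another IP address on the LAN answers with the gateway's MAC.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    sharers = sorted(ip for ip in by_mac[gw_mac] if ip != gateway_ip)
    if sharers:
        findings.append(f"gateway MAC {gw_mac} also claimed by {', '.join(sharers)}")
    return findings

if __name__ == "__main__":
    for finding in check_arp(SAMPLE_ARP, "192.168.1.1", "aa:bb:cc:00:00:01"):
        print("ALERT:", finding)
```

A finding here only shows that traffic may be passing through another device; session cookies sent over HTTPS with the `Secure` flag stay unreadable to that device either way.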

    So how do you use it?


    Before you start, make sure your phone is rooted; the program will not work without root!

    Installation:
    From the author’s site - http://droidsheep.de/?page_id=23
    Or via the QR code: [image]

    Usage:

    Make sure your phone is connected to the Wi-Fi network, launch DroidSheep and click the “Start” button. DroidSheep will now listen for sessions. As soon as it intercepts a session token, it shows it as an entry in the list.

    By default, DroidSheep only intercepts accounts of those services that it knows (Facebook, Yahoo, Google, ...). If you want all accounts on the network to be intercepted, turn on “General mode” - just press the “menu” button on your phone and click “Enable Generic Mode”.
    Note: In Generic mode, DroidSheep captures all cookies set on the network, but many of them are not related to an account, so they will not let you log into someone else's account and will simply be displayed in the program's list.

    If you intercepted visits to several sites, you will see a list like the one in the picture. Accounts recognized by DroidSheep are colored green by default; those intercepted in general mode are yellow.

    In general mode, sites that you don't need will also appear, such as advertising. You can add them to the blacklist so that you don't see them in the program. To clear the entire blacklist, go to the main screen, press the menu button and select “clear blacklist”.

    That's all!
    How to use the program (video): droidsheep.de/?page_id=14

    And one last thing.
    Everyone quickly raised their hands and said: “I swear that I will use the program only to study the operation of network protocols.”


    P.S. From the Market you can also download DroidSheepGuard, a “protector” against DroidSheep: market.android.com/details?id=de.trier.infsec.koch.droidsheep.guard.free