Hi G33ks, One of my intrests..... Mobile Security - Hijacking Sessions
Essentially, what Firesheep is for computers, FaceNiff is for the Android platform. Just that it has a lesser number of “services”. Ofcourse this can be changed by adding new targets and it tends to be a lot more easier to use as you can not carry your laptop everywhere. So, FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to. It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK). >From the applications name, it is evident that it is being marketed as a Facebook specific Android application. Unlike Firesheep, you can hijack only 3 profiles with this Android application. If you want to hijack some more profiles and be a Rambo, you need to pay. List of supported services: FaceBook Twitter Youtube Amazon Nasza-Klasa This Android application also needs a “rooted” device. But, it does seem to support a lot of mobile devices. Some of the tested devices are as follows: HTC Desire CM7 Original Droid/Milestone CM7 SE Xperia X10 Samsung Galaxy S Nexus 1 CM7 HTC HD2 LG Swift 2X LG Optimus Black – original rom LG Optimus 3D – original rom Samsung Infuse Standard notices such as – “use it on your own phones for testing/ educational purposes only” and “use it only if this is legal” apply. It also suffers from the same drawbacks such as Firesheep. It will NOT work if yout target is smart enough and uses HTTPS/SSL to access the above mentioned services. The author mentions that this application, due to its nature is very phone-dependant. So, if it does not work for you, you should try contacting the author. A very good thing about this Android application is that it is under constant development. Just today, the support for Amazon.com was added while fixing a lot of bugs. Download: http://faceniff.ponury.net/FaceNiff-1.9.2.apk Cheers, 0xN41K -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
