HOW TO HACK FACEBOOK, TWITTER WITH ANDROID APP DROIDSHEEP - HACKING Begins

April 29, 2012

Welcome again to "HACKING begins - An approach to introduce people with the truth of HACKING". 
DroidSheep is an awesome session hijacking Android app that can be used to hijack WiFi sessions. It currently supports open and WEP-encrypted networks, as well as WPA and WPA2 networks (PSK).
DroidSheep enables Android-based man-in-the-middle attacks against a wide range of web sites, including Facebook.com, Flickr.com, Twitter.com, Linkedin.com, and non-encrypted services like "maps" on Google. Many users do not know that air is the transmission medium when using WiFi. Therefore information is not only transferred to its receiver but also to any other party in the network within range of the radio waves.
Usually nothing special happens, because WiFi users discard packets that are not destined for them. DroidSheep does not do this. It reads all the packets and looks at their contents.
If a website sends a clear identifying feature within a message's content that can identify a user (a "SessionID"), DroidSheep is able to read it even though it is not intended for outside parties. Moreover, DroidSheep can then use this token as its own. The server can't tell whether the authorized user or DroidSheep sent the request.


How can I protect myself?
The only satisfying answer is: SSL, or rather HTTPS.
Many providers already offer HTTPS, even Facebook; however, it must often be enabled in the settings first.
When using HTTPS the data is still sent to all participants in the WiFi network, but because the data has been encrypted it is impossible for DroidSheep to decrypt the content of a message. All that remains is a complete mess of letters, with which an attacker can't do anything.
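A quick way to check whether a site leaves its session cookie exposed in the way described above, as an added example that is not part of the original post: it inspects a response's headers for cookies set over plain HTTP, cookies missing the Secure flag, and a missing HSTS header. The URL, cookie name and header values are constructed samples on a hypothetical site.

```python
"""Audit HTTP response headers for session cookies a WiFi eavesdropper could read."""

def parse_set_cookie(value):
    """Return (cookie_name, set of lowercase attribute names) for one Set-Cookie value."""
    first, *rest = [p.strip() for p in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in rest if p}
    return name, attrs

def audit_response(url, headers):
    """headers is a list of (name, value) pairs; returns a list of finding strings."""
    findings = []
    https = url.lower().startswith("https://")
    header_names = {k.lower() for k, _ in headers}
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if not https:
            # The cookie crosses the air in cleartext right now.
            findings.append(f"{cookie}: set over plain HTTP, readable on the network")
        elif "secure" not in attrs:
            # Set over HTTPS, but the browser will attach it to any later http:// request.
            findings.append(f"{cookie}: no Secure flag, will also be sent over HTTP")
    if https and "strict-transport-security" not in header_names:
        # Without HSTS the browser may still make a first request over HTTP.
        findings.append("no Strict-Transport-Security header")
    return findings

# Constructed sample responses (hypothetical site, not captured traffic).
SAMPLES = [
    ("http://example.test/login",
     [("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly")]),
    ("https://example.test/login",
     [("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly")]),
    ("https://example.test/login",
     [("Strict-Transport-Security", "max-age=31536000"),
      ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly")]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        result = audit_response(url, headers)
        print(url, "->", result or "no findings")
```

Only the third sample, served over HTTPS with HSTS and a Secure cookie, produces no findings.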

Thanks and Regards  
Sahil Mahajan C|EH

1 comment:

  1. Sahil Bhai that means we should be very careful while using the android mobiles. Nothing is safe and anything is hackable.

