Hack Through Android Using DroidSheep (HTTP Session Hijacking)

Posted: December 17, 2012 in Android
Android is one of the best and most famous operating systems for mobile devices. Mobile devices are now an important part of our lives, and we use them everywhere, in any condition. A lot of people use WiFi on their mobile devices. In the past we had a Firefox add-on called Firesheep that could hijack sessions on Facebook, Twitter and other social networking websites. After that came FaceNiff, which serves the same purpose, session hijacking, but runs on Android.
Now there is another great tool for Android that can hijack sessions, and it is called DroidSheep.

What is DroidSheep?

DroidSheep is an awesome session hijacking Android app that can be used to hijack WiFi sessions. It currently supports open and WEP-encrypted networks, and also WPA and WPA2 (PSK) networks. According to the author, all websites are vulnerable, including Google.com and facebook.com. BTW, we have tested it with Facebook :-)

What are the requirements to run DroidSheep on Android phones?

Make sure you have everything on the following checklist, which we tested on our Samsung Galaxy S phone with Android 2.3.4 :-)

  • libpcap
  • arpspoof (it can be installed from the Android Market)
  • Your phone must be ROOTED in order to use this application.
  • and yes.. DroidSheep.

Step 1

Once you have installed DroidSheep on your Android device, run the application. An agreement will be shown. Read it and tick “I understand and accept the disclaimer”, then tap the OK button. Running this application requires SuperUser permission. In other words, your phone needs to be ROOTED!

Step 2

Look at the Start button, which is located at the bottom right, and simply tap it. Once the message “RUNNING AND SPOOFING” appears, log in to your Facebook account. Play around with your account by navigating to HOME, writing a wall post or replying to a friend’s status. Simply do whatever you want with your account while DroidSheep is doing its job.

Step 3

WoOOooo! You have successfully captured your Facebook session. Usually, it can take up to one minute for DroidSheep to capture a session. Once your session is listed in DroidSheep, select it! After that, tap the Open Site option.

Step 4

Finally, you are in your Facebook account without having to authenticate on your phone! So, what do you think about this attack? Awesome, huh?! However, can you imagine someone doing this attack on you? For your information, there is one way to prevent this attack. How? BY USING HTTPS! Make sure you are always on a secure connection if you want to stay safe from this attack. However, make sure you use HTTPS all the way from the login page until you click the logout button.

How does DroidSheep work?

Many users do not know that air is the transmission medium when using WiFi. Therefore, information is not only transferred to its intended receiver but also to any other party in the network within range of the radio waves.

Usually nothing special happens, because WiFi users discard packets that are not destined for them. DroidSheep does not do this. It reads all the packets and looks at their contents.
If a website sends a clear identifying feature within a message’s content that can identify a user (a “SessionID”), DroidSheep is able to read it even though it is not intended for outside parties. Moreover, DroidSheep can use this token as its own. The server cannot tell whether the authorized user or DroidSheep sent the request.

How can I protect myself?

The only satisfying answer is SSL, that is, HTTPS.
Many providers already offer HTTPS, even Facebook; however, it often has to be enabled in the settings first.
When using HTTPS, the data is still sent to all participants in the WiFi network, but because the data is encrypted, it is impossible for DroidSheep to decrypt the content of a message. What remains is only a complete mess of letters, with which an attacker can’t do anything.
The real problem is that not every website provides SSL. What do you do when you are on a public network (hotel, airport, etc.), you want to use a site, and that site does not offer HTTPS?
You can use a VPN connection.
For this, the computer sets up an encrypted channel to a trusted computer, which in turn forwards the data to the website.
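
The advice to use HTTPS "from the login page until the logout button" can be checked from the site operator's side. The following is an added example, not part of the original post or of DroidSheep: it audits a recorded login-to-logout sequence of responses for the conditions that let a SessionID cross the WiFi network in clear text. The host name, cookie names and the name heuristic are constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Assumed heuristic for spotting session cookies by name (not from the post).
SESSION_HINTS = ("sess", "sid", "auth", "token")


def audit_flow(responses):
    """Return (url, issue) findings for a login-to-logout sequence.

    responses: list of (url, [(header_name, header_value), ...]).
    """
    findings = []
    for url, headers in responses:
        https = urlsplit(url).scheme == "https"
        names = {name.lower() for name, _ in headers}
        if not https:
            findings.append((url, "page served over plain HTTP"))
        elif "strict-transport-security" not in names:
            findings.append((url, "no HSTS header"))
        for name, value in headers:
            if name.lower() != "set-cookie":
                continue
            jar = SimpleCookie()
            jar.load(value)
            for key, morsel in jar.items():
                is_session = any(h in key.lower() for h in SESSION_HINTS)
                # Without Secure the browser attaches the cookie to http:// too.
                if is_session and not morsel["secure"]:
                    findings.append((url, f"{key} lacks Secure flag"))
    return findings


# Constructed sample: HTTPS login, but the cookie is not Secure and one
# later page drops back to HTTP, so the SessionID is readable on the air.
WEAK_FLOW = [
    ("https://site.example/login",
     [("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly")]),
    ("http://site.example/home", [("Content-Type", "text/html")]),
    ("https://site.example/logout",
     [("Strict-Transport-Security", "max-age=31536000"),
      ("Set-Cookie", "SESSIONID=deleted; Max-Age=0; Secure")]),
]

# Constructed sample: the same pages with HTTPS, HSTS and Secure throughout.
HARDENED_FLOW = [
    (url.replace("http://", "https://"),
     [("Strict-Transport-Security", "max-age=31536000"),
      ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly")])
    for url, _ in WEAK_FLOW
]
```

Feeding it response headers exported from a browser or proxy for your own site shows where in the session HTTPS coverage breaks.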