Droidsheep, Simple session hijacker in Android.
Have you ever used free wifi in coffie shop or airport. Enjoying free facebook or twitter. Be aware of that. There are lots of tools in market which can simply hijack your session and can use your account.
I am not joking, You also can do this by some simple click.
There is a tool, Droidsheep, an android based software, will capture all Accounts in the network!!
How does this work?
When you use web applications, they usually require you to enter your credentials in order to verify your identity. To avoid entering the credentials at every action you do, most web applications use sessions where you need to log-in once. A sessions gets identified by a session token which is in possession of the user and is sent together with any subsequent request within the HTTP packets.
DroidSheep reads all the packets sent via the wireless network and captures this session token, what allows you to use this session token as yours and make the web application think you are the person identified by this token. There is no possibility for the server to determine if you’re the correct person or not.
What do you need to run DroidSheep?
– You need an android-powered device, running at least version 2.1 of Android
– You need Root-Access on your phone (link)
– You need DroidSheep 🙂 (You can get it from here)
There are two possible ways to install DroidSheep:
One of the Android Markets (Google, AppBrain, …) — Simply search for DroidSheep and install the application
Download it from the here using your phones browser and open the file — your phone should ask for installing the app.
I AM NOT RESPONSIBLE FOR ANY DAMAGES THAT HAPPEN BY USING THIS SOFTWARE!