Descriptions
DroidSheep is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts.
DroidSheep requires ROOT!
Please note:
DroidSheep was developed as a tool for testing the security of your accounts.
This software is neither made for using it in public networks, nor for hijacking any other persons account.
It should only demonstrate the poor security properties network connections without encryption have.
So do not get DroidSheep to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!
How does this work?
As already announced DroidsSheep supports almost every website – also “big” webservices like facebook and Yahoo.
How does that work this simple?
There are many users that do not known that air is the transmission medium when using WiFi.
Therefore information is not only transfered to its receiver but also to any other party in the network within the range of the radio waves.
Usually nothing special happens because the WiFi users discard packets that are not destined to themselves.
DroidSheep does not do this. It reads all the packets looking at their contents.
Is a website sending a clear recognition feature within a message’s content, which can identify a user (“SessionID”), then DroidSheep is able to read it although it is not intended to external users.
Moreover DroidSheep can use this token to use it as its own.
The server can’t decide whether the authorized user or DroidSheep has sent the request.
Posted by 10:51 AM and have
, Published at