Thursday, September 22, 2011

DroidSheep: one click session hijacking using android.

Usually we hear about people sniffing with just a PC and all sorts of tools. Now an Android development expert who likes writing programs has made a sniffing tool called DroidSheep. Its concept is more or less like Firesheep and FaceNiff, but it looks easier to use.

DroidSheep is a one-click session hijacking tool for your Android smartphone or tablet computer.

DroidSheep is very simple to use: just click the START button and wait until someone uses one of the supported websites. Jumping on his session simply needs one more click.

There are similar tools we have talked about: Firesheep and FaceNiff.

When you use web applications, they usually require you to enter your credentials in order to verify your identity. To avoid entering the credentials at every action you do, most web applications use sessions, where you need to log in only once. A session is identified by a session token, which is in the possession of the user and is sent together with every subsequent request within the HTTP packets.
DroidSheep reads all the packets sent via the wireless network and captures this session token, which allows you to use the token as yours and make the web application think you are the person identified by it. There is no possibility for the server to determine if you’re the correct person or not.
What do you need to run DroidSheep?

* You need an android-powered device, running at least version 2.1 of Android
* You need Root-Access on your phone (link)
* You need DroidSheep. You can get it in the “GET IT” section

DroidSheep now supports nearly all Websites using Cookies!

* With Version 5, DroidSheep got the new “generic”-Mode! Simply enable it, and DroidSheep will capture all Accounts in the network!!
* Successfully tested with ALL already supported accounts and a lot of other ones; even all WordPress and Joomla pages should work.

There are some limitations

DNS-Spoofing means it makes all devices within the network think the DroidSheep device is the router, so they send their data to that device. This might have an impact on the network and cause connection problems or bandwidth limitations, and it can be spotted. DroidSheep's attack cannot, as it only reads the packets sent over the WiFi, but instead of dismissing them, it uses the data.

Note : DroidSheep is NOT INTENDED TO STEAL IDENTITIES.
It shall show the weak security properties of big websites just like Facebook. Please be always aware of what you’re doing.
WE ARE NOT RESPONSIBLE FOR ANY DAMAGES THAT HAPPEN BY USING THIS SOFTWARE!
