11 June, 2013

DroidSheep [ROOT] - ARP Spoofing App for Android



DroidSheep is an app for Security analysis in wireless networks... Got an Android device? - ROOT it now!

Please note:
DroidSheep was developed as a tool for testing the security of your accounts.
This software is neither made for using it in public networks, nor for hijacking any other persons account.
It should only demonstrate the poor security properties network connections without encryption have.
So do not get DroidSheep to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security.


Here are videos of what it does:

http://www.youtube.com/watch?v=B4ROlCgTr80

http://www.youtube.com/watch?v=mIWkee7RjbU

http://www.youtube.com/watch?v=z7NUluxUORs


Here is a video Tutorial on how to use it:

http://www.youtube.com/watch?v=4N-SBx5EF3g


What will it work on?
DroidSheep supports most of the modern-day Android operating systems like ICS, Jellybean, etc. It can be used on WiFi connections to see what others on the network are doing. It works for various websites including Google, Facebook, Yahoo, etc.

How does that work this simple?
There are many users that do not know that air is the transmission medium when using WiFi.

Therefore information is not only transferred to its receiver but also to any other party in the network within the range of the radio waves.



Usually nothing special happens because the WiFi users discard packets that are not destined to themselves.
DroidSheep does not do this. It reads all the packets looking at their contents.

Moreover DroidSheep can use this token to use it as its own.
The server can’t decide whether the authorized user or DroidSheep has sent the request.



How can I protect myself?
-> Use HTTPS on websites.


When using HTTPS the data is still sent to all participants in the WiFi-network, but as the data has been encrypted it is not possible for DroidSheep to decrypt the content of the packets.

The real problem is that not every website provides SSL. What to do when you are in a public network (hotel, airport, etc.), where you want to use it but there's no HTTPS available?
-> Use a VPN.


Downloads:
DroidSheep Build 14 - http://xlnk.cc/droidsheepb14 
DroidSheep Build 15 - http://xlnk.cc/droidsheepb15 

Source: http://www.droidsheep.de/

PS: I'm glad to be back after a long vacation... :D

1 comment:

Nicolaj Absalon said...

Hey dude, thanks works nice
-Nico HF

Post a Comment