Former Writer · Jun 18, 2012 at 06:30 pm

DroidSheep Undresses Network Security and Shows How It’s Done

Typically on XDA, we feature modifications and “hacks” for users to flash and enjoy. Every now and then, though, there’s an application that pops up that’s capable of actually hacking—at least to some extent. Not long ago, we brought you a network spoofing application that allowed people to mess with a computer while it was actively using a network. As a step up from that, there’s now an application to expose network security vulnerabilities from the comfort of your Android-powered device.

Before continuing, please keep in mind that this application is for educational purposes only, and and XDA does not condone information network intrusion on any network other than your own. The application was designed to test the security of social networking profiles over a network. The application was written by Security Researcher Andreas Koch and posted on the forums by XDA Forum Member virus786. As virus786 writes:

…information is not only transfered to its receiver but also to any other party in the network within the range of the radio waves. Usually nothing special happens because the WiFi users discard packets that are not destined to themselves. DroidSheep does not do this. It reads all the packets looking at their contents. Is a website sending a clear recognition feature within a message’s content, which can identify a user (“SessionID”), then DroidSheep is able to read it although it is not intended to external users. Moreover DroidSheep can use this token to use it as its own. The server can’t decide whether the authorized user or DroidSheep has sent the request.

While this sounds like some scary stuff, using HTTPS whenever possible limits the amount of useful information that applications such as DroidSheep are able to obtain.

Head over to the original thread to get started.

Want something on the XDA Portal? Send us a tip!

Former Writer

Former Writer is an editor on XDA-Developers, the largest community for Android users. View Former Writer's posts and articles here.
Mario Tomás Serrafero · Jul 29, 2015 at 12:10 pm · 1 comment

OnePlus 2 vs Moto X Style: Which is The Better Flagship?

Two big industry names have announced their newest flagship phones within the past few days. Both have also promised great performance for a cheap price, and now that we know the specifications and details about both the Moto X Style and the OnePlus 2, we can begin planning our next purchase and debating which one is better. So, judging from everything we know, which phone is more impressive?

Mathew Brack · Jul 29, 2015 at 10:35 am · 2 comments

Making Your Own Xposed Modules Is Easier Than You Think

Close to the heart of XDA is the Xposed Framework by Rovo89. Most of us will have used it but you may feel that the module repository is missing something. We have the solution with several guides aimed at getting you started to build your own modules, something that may be daunting but can open an entire new field of development with a little time and effort.     Where better to start than at the beginning? Rovo89 has created a straight forward tutorial for getting started with development for Xposed....

Jimmy McGee · Jul 29, 2015 at 06:00 am · 2 comments

ZenFone 2 Lolliflash and ZenPower Giveaway!

We recently did an in-depth review of the Asus Zenfone 2 but one of the things people may not be aware of is that ASUS has actually created a line of accessories to compliment the ZenFone, or any other Android device. The Lolliflash is a Lollipop-shaped external flash and the ZenPower is a thin 10,000mAh external battery. In today's video, Jordan shows off the Lolliflash and the ZenPower Accessories. Additionally, ASUS and XDA have teamed up to give away 5...