Former Writer · Jun 18, 2012 at 06:30 pm

DroidSheep Undresses Network Security and Shows How It’s Done

Typically on XDA, we feature modifications and “hacks” for users to flash and enjoy. Every now and then, though, there’s an application that pops up that’s capable of actually hacking—at least to some extent. Not long ago, we brought you a network spoofing application that allowed people to mess with a computer while it was actively using a network. As a step up from that, there’s now an application to expose network security vulnerabilities from the comfort of your Android-powered device.

Before continuing, please keep in mind that this application is for educational purposes only, and and XDA does not condone information network intrusion on any network other than your own. The application was designed to test the security of social networking profiles over a network. The application was written by Security Researcher Andreas Koch and posted on the forums by XDA Forum Member virus786. As virus786 writes:

…information is not only transfered to its receiver but also to any other party in the network within the range of the radio waves. Usually nothing special happens because the WiFi users discard packets that are not destined to themselves. DroidSheep does not do this. It reads all the packets looking at their contents. Is a website sending a clear recognition feature within a message’s content, which can identify a user (“SessionID”), then DroidSheep is able to read it although it is not intended to external users. Moreover DroidSheep can use this token to use it as its own. The server can’t decide whether the authorized user or DroidSheep has sent the request.

While this sounds like some scary stuff, using HTTPS whenever possible limits the amount of useful information that applications such as DroidSheep are able to obtain.

Head over to the original thread to get started.


_________
Want something on the XDA Portal? Send us a tip!
TAGS:

Former Writer

Former Writer is an editor on XDA-Developers, the largest community for Android users. View Former Writer's posts and articles here.
Mathew Brack · May 25, 2015 at 06:00 am · 5 comments

Android M Code Name: Macadamia Nut Cookie

While the official name for the latest iteration of Android has yet to be revealed, the code name used internally by Google has been seen to be Macadamia Nut Cookie (MNC). This will almost certainly not be the final name for the release with rumors so far leaning towards milkshake, much like Key Lime Pie became Kit Kat and Lemon Meringue Pie became Lollipop. The acronym MNC has now also started to appear in several locations in AOSP, just look out...

XDA NEWS
Chris Gilliam · May 24, 2015 at 03:59 pm · 3 comments

XDA Recap: This Week In Android (May 17 – 23)

Another week, another recap. The Sunday tradition marches on this week with a fresh no-nonsense look at big-picture news. Here in the digital XDA writers’ room, we spend our days pouring over an average of 2,500 news items and forum threads every 24 hours. Only the most timely and interesting bits survive the editing process, but the portal’s front page still sees weekly counts in excess of 100 posts. This is a glut of content to absorb, especially if following...

XDA NEWS
Mario Tomás Serrafero · May 24, 2015 at 11:00 am · 1 comment

Sunday Debate: Are Smaller Bezels Better or Worth It?

Bezels have been getting smaller and smaller as the years go by, and while devices from 2011 needed to trim some fat, there is no absolute rule that says that smaller bezels, after a happy medium, are beneficial to a phone. Part of this is that, with today’s current smartphone paradigms, an absolute lack of bezels does not produce an inherently better user experience.   With each technological advancement come limitations and compromises of some sort, and bezels are not...

XDA NEWS
Share This