Former Writer · Jun 18, 2012 at 06:30 pm

DroidSheep Undresses Network Security and Shows How It’s Done

Typically on XDA, we feature modifications and “hacks” for users to flash and enjoy. Every now and then, though, there’s an application that pops up that’s capable of actually hacking—at least to some extent. Not long ago, we brought you a network spoofing application that allowed people to mess with a computer while it was actively using a network. As a step up from that, there’s now an application to expose network security vulnerabilities from the comfort of your Android-powered device.

Before continuing, please keep in mind that this application is for educational purposes only, and and XDA does not condone information network intrusion on any network other than your own. The application was designed to test the security of social networking profiles over a network. The application was written by Security Researcher Andreas Koch and posted on the forums by XDA Forum Member virus786. As virus786 writes:

…information is not only transfered to its receiver but also to any other party in the network within the range of the radio waves. Usually nothing special happens because the WiFi users discard packets that are not destined to themselves. DroidSheep does not do this. It reads all the packets looking at their contents. Is a website sending a clear recognition feature within a message’s content, which can identify a user (“SessionID”), then DroidSheep is able to read it although it is not intended to external users. Moreover DroidSheep can use this token to use it as its own. The server can’t decide whether the authorized user or DroidSheep has sent the request.

While this sounds like some scary stuff, using HTTPS whenever possible limits the amount of useful information that applications such as DroidSheep are able to obtain.

Head over to the original thread to get started.


_________
Want something on the XDA Portal? Send us a tip!
TAGS:

Former Writer

Former Writer is an editor on XDA-Developers, the largest community for Android users. View Former Writer's posts and articles here.
Mario Tomás Serrafero · Apr 1, 2015 at 11:00 am · 4 comments

Google to Acquire XDA, Dev Rewards & Policy Changes

We are delighted to announce that starting on April 20th, a finalized deal with Google will make XDA Developers a software development division for the beloved search giant. This exciting transition will start as early as next week, where new XDA Talent Scouts from Google will browse our forums and reward the best contributors and offer them software development or design positions as well. A new set of XDA Forum Moderators from Google’s Legal Department will also make sure that...

XDA NEWS
Tomek Kondrat · Apr 1, 2015 at 10:11 am · 1 comment

Hi Locker to Help You With Lockscreen Headache

The lockscreen is a part of the OS that we see hundreds of times every day, whether we're using Android or iOS. The look of the lockscreen depends on the Android version, device manufacturer or ROM chef. In short, it differs for almost every user. Luckily enough, users can use third party alternatives that bring more features. One such application is Hi Locker, developed by XDA Senior Member thotran7989. Hi Locker can be found both on the Play store and...

XDA NEWS
Jimmy McGee · Apr 1, 2015 at 07:00 am · 2 comments

Must Have App Review: Spider Squisher Pro Extreme

Here on XDA TV we have a series we like to call Must Have Apps. These are apps that we think are so great and useful that you must have them. We’ve given this title to such programs as Pushbullet, Light Flow, Helium, the AROMA File Manager, ROM Toolbox and Pocket Casts. But today we have an app that surpasses them all. Former XDA TV Producer Adam Outler offers up a must have application. In this video, XDA TV Producer...

XDA NEWS
Share This