It is similar to Firesheep or Faceniff, one-click session hijacking using your android smartphone or tablet computer.
Explained in simple manner
Every morning X uses the public Wifi which is available in Café Lounge. Y who knows about it and stalks him. When X is using the WiFi, his laptop sends all the data intended to be received by facebook, over the air to the Café Lounge wireless router. Y with his phone can read all the data sent by X. As some data is encrypted before being sent like X facebook password, but in order not to make X enter his password after each click, facebook sends X a so called “session id” after logging in, which X sends with each interaction, making it possible for facebook to identify. Usually only X knows this id, as he receives it encrypted. But when X uses the Café Lounge WiFi, he spreads his session id over the air to everybody. So Y takes this session id by using ‘Droidsheep’ app and uses it as his – and facebook cannot determine, who is using it. DroidSheep makes it easy to use for everybody. Just start DroidSheep, click the START button and wait until someone uses one of the supported websites. Jumping on the other person’s session simply needs one more click.
How does this work?
When you use web applications, they usually require you to enter your credentials in order to verify your identity. To avoid entering the credentials at every action you do, most web applications use sessions where you need to log-in once. A session gets identified by a session token which is in possession of the user and is sent together with any subsequent request within the HTTP packets. DroidSheep reads all the packets sent via the wireless network and captures this session token, what allows you to use this session token as yours and make the web application think you are the person identified by this token. There is no possibility for the server to determine if you’re the correct person or not.
DroidSheep nearly supports all pages using cookies!
If you want to see all cookies and capture more accounts, enable generic mode to see them. If Generic mode is disabled, you´ll only see profiles, DroidSheep recognizes – but there can be some more on the air, so give generic mode a try. DroidSheep now supports OPEN, WEP, WPA and WPA2 secured networks. For WPA/WPA2 it uses DNS-Spoofing attack.
Comments are closed.