{"id":2167,"date":"2011-12-08T16:37:50","date_gmt":"2011-12-08T11:07:50","guid":{"rendered":"https:\/\/www.qadit.com\/blog\/?p=2167"},"modified":"2011-12-28T16:39:38","modified_gmt":"2011-12-28T11:09:38","slug":"wireless-session-hijacking-using-droidsheep","status":"publish","type":"post","link":"https:\/\/qadit.com\/blog\/wireless-session-hijacking-using-droidsheep\/","title":{"rendered":"Wireless session hijacking using Droidsheep"},"content":{"rendered":"<p style=\"text-align: justify;\">It is similar to Firesheep or FaceNiff: one-click session hijacking using your Android smartphone or tablet.<!--more--><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #333333;\"><strong>Explained in simple manner<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\">Every morning X uses the public WiFi available in the Caf\u00e9 Lounge. Y knows about it and stalks him. When X is using the WiFi, his laptop sends all the data intended for Facebook over the air to the Caf\u00e9 Lounge wireless router, and Y, with his phone, can read all the data X sends. Some data, such as X's Facebook password, is encrypted before being sent. But so that X does not have to enter his password after each click, Facebook sends X a so-called \u201csession id\u201d after logging in, which X sends with each interaction, making it possible for Facebook to identify him. Usually only X knows this id, as he receives it encrypted. But when X uses the Caf\u00e9 Lounge WiFi, the id travels in his ordinary HTTP requests, so he spreads his session id over the air to everybody. So Y takes this session id using the &#8216;DroidSheep&#8217; app and uses it as his own, and Facebook cannot determine who is using it. DroidSheep makes this easy for everybody: just start DroidSheep, click the START button and wait until someone uses one of the supported websites. Jumping on the other person&#8217;s session needs only one more click.<\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #333333;\"><strong>How does this work?<\/strong><\/span><br \/>\nWhen you use web applications, they usually require you to enter your credentials in order to verify your identity. To avoid entering the credentials at every action, most web applications use sessions, where you need to log in once. A session is identified by a session token that is held by the user and sent together with every subsequent request inside the HTTP packets. DroidSheep reads all the packets sent over the wireless network and captures this session token, which allows you to use it as yours and make the web application think you are the person identified by that token. The server has no way to determine whether you are the correct person or not.<\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #333333;\"><strong>DroidSheep supports nearly all pages using cookies!<\/strong><\/span><br \/>\nIf you want to see all cookies and capture more accounts, enable generic mode. If generic mode is disabled, you will only see the profiles DroidSheep recognizes, but there can be more on the air, so give generic mode a try. DroidSheep now supports OPEN, WEP, WPA and WPA2 secured networks. For WPA\/WPA2 it uses a DNS-spoofing attack.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It is similar to Firesheep or FaceNiff: one-click session hijacking using your Android smartphone or tablet.<\/p>\n","protected":false},"author":18,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[13],"tags":[],"class_list":["post-2167","post","type-post","status-publish","format-standard","hentry","category-network"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9AH7Q-yX","_links":{"self":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/2167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/users\/18"}],"replies":[{"embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/comments?post=2167"}],"version-history":[{"count":0,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/posts\/2167\/revisions"}],"wp:attachment":[{"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/media?parent=2167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/categories?post=2167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qadit.com\/blog\/wp-json\/wp\/v2\/tags?post=2167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}