Tuesday, July 05, 2011

FaceNiff and Activator

Heard about FaceNiff? How about Firesheep?

Firesheep is so hot since last year. It is an add-on to the Firefox browser which can hijack any non-SSL Facebook session (and others like Gmail, etc). It is still cool today!

FaceNiff takes it to the next level, by doing the same thing as Firesheep, and run on rooted Android phone.
FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to.
It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK)
It's kind of like Firesheep for android. Maybe a bit easier to use (and it works on WPA2!).
Now, the apk you download from FaceNiff is limited to 3 hijacked profiles. But there is a way to unlock the application. You need a FaceNiff Activator. Just follow the instruction from the article on http://fcnactive.blogspot.com/2011/06/activate-faceniff.html and download the SOneActivator.apk.

As far as I understand, the reason why FaceNiff works on WPA2 network is because it does ARP poisoning to the WiFi network.

Now, I have my FaceNiff running with me everywhere I go!