• Animesh Gupta

DROIDSHEEP Android Application for Hackers

Updated: Aug 1, 2018

DroidSheep [Root] is an Android application that analyzes security in wireless networks and also captures Twitter, Linked, Facebook, and other accounts. You can install DroidSheep in your Android phone and use it to analyze the security of any public network. Take your friend to a public network and allow him to access his Facebook account through the same network. DroidSheep will allow you to browse on your friend’s Facebook account using his identity. You can read his private messages, write wall posts, write messages, remove his friends and even delete his Facebook account without getting in touch with him.

When your friend uses the public Wi-Fi, his laptop sends Facebook data over the air to the public Wi-Fi wireless router. DroidSheep allows you to read the data sent by your friend because in this situation, “Over the air” means that “data can be captured by everybody”. Some data are not encrypted before they can be sent and, therefore, you may not be able to read your friend’s Facebook password. The public Wi-Fi spreads the Facebook’s session id over the air to everybody, and this is the main reason why you are able to access your friend’s Facebook account. Facebook will not be able to determine who is really using the session id.

The above example demonstrates DroidSheep [Root] simplicity of session hijacking, especially within a Wi-Fi Network. With just a single click, your eBay, LinkedIn, Amazon, Twitter, Facebook, LinkedIn, and any other online account will be taken over by an adversary and you will remain defenseless. Even the developer was frightened and surprised by using it on any public network or Wi-Fi and decided to develop anti-spoofing tool Droidsheep Guard. DroidSheep Guard is an Android application that monitors Android ARP-table. Its main function involves trying to detect the ARP-Spoofing on networks. A perfect example is an attack by FaceNiff, DroidSheep or any other software.

How DroidSheep Works?

When you press the start button, DroidSheep will acts as a router to monitor and intercept all the network traffic (if you enabled ARP spoofing) and then display active session profiles.

How To Use DroidSheep To Hijack Sessions?

Before going into the how to section, make sure that your android phone is rooted. If your phone is rooted.... Let's begin! Also, make sure, you have a target on the same network who is using HTTP to access a web account. Download the DroidSheep.  Note: Download link is at the end of this article. Install it..... Then open DroidSheep, now you have a window like this:

Make sure you have enabled "ARP spoofing" and "Generic mode".

ARP spoofing: DroidSheep will act as a router and intercept all the network traffic.

Generic Mode: It listens for any cookie, not only for the sites you know.

Then... Tap on "Start" button.. 

Wait few seconds..

It will display active session profiles.  See the image below:

Then tap on the victim's session profile..... it will display a set of options such as Open Site, Remove from List, Add host to blacklist, Export via eMail and Save Cookies.

Open Site: It allows you to use victim's account as him/her.

Remove From List: Removes the selected session from the list.

Add host to blacklist: Prevents capturing cookies from the selected server in future.

Export via eMail: It allows you to send the cookie values via Email (This helps you to use the session the computer).

Save Cookies: It allows you to save the cookies for later use.

If you want to use victim's web account as him/her, tap on "Open Site".... it will take you there. Enjoy....

What Are Other Options Available On DroidSheep?  

It has Clear list, Clear Blacklist, Debug, Choose WiFi and Help. Clear list allows you to clear the captured cookie sessions and the Clear blacklist allows you to clear the list of blacklisted servers.

If you are experiencing any issues while running DroidSheep, you can collect debug information through the "Debug" option. Press menu and tap Debug for starting a debug session. Then it will ask you for starting a debug session. Tap on "Yes".

DroidSheep then starts running in debug mode, after 30 seconds, you can tap stop debugging. Then it will show you a set of options to send an email with the debug information.

You can select the target network by using "Choose WiFi" option.  Help option is for your own help!

Download Link: Download DroidSheep App

©2019 Security Unleashed | New Delhi