[APP]DroidSheep : ARP-Spoofing App for Android

Status
Not open for further replies.
Search This thread

virus786

Senior Member
Feb 23, 2012
165
146
Cape Town

DroidSheep is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts.

DroidSheep requires ROOT!

Please note:
DroidSheep was developed as a tool for testing the security of your accounts.
This software is neither made for using it in public networks, nor for hijacking any other persons account.
It should only demonstrate the poor security properties network connections without encryption have.
So do not get DroidSheep to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!​

How does this work?
As already announced DroidsSheep supports almost every website – also “big” webservices like facebook and Yahoo.​

How does that work this simple?
There are many users that do not known that air is the transmission medium when using WiFi.
Therefore information is not only transfered to its receiver but also to any other party in the network within the range of the radio waves.

03_Wireless_network-1024x928.png


Usually nothing special happens because the WiFi users discard packets that are not destined to themselves.
DroidSheep does not do this. It reads all the packets looking at their contents.
Is a website sending a clear recognition feature within a message’s content, which can identify a user (“SessionID”), then DroidSheep is able to read it although it is not intended to external users.
Moreover DroidSheep can use this token to use it as its own.
The server can’t decide whether the authorized user or DroidSheep has sent the request.

04_Attack_attack021-1024x633.png


How can I protect myself?
The only satisfying answer is: SSL respectively HTTPS.
Many providers already offer HTTPS, even facebook, however it must often be enabled in the settings first.
When using HTTPS the data are still sent to alle participants in the WiFi-network, too, but because the data has been encrypted it is impossible for DroidSheep to decrypt the contect of a message - remaining only a complete mess of letters, with which an attacker can’t do anything.
The real problem is that not every website provides SSL. What to do when you are in a public network (hotel, airport, etc.), you also want to use this and the site does not offer HTTPS though?
You can use a VPN-connection
For this the computer sets up an encrypted channel to a confidential computer which again transfers the data to the website.​

Please note this is NOT my work I am simply sharing this and giving a direct link to the APK (it was removed from droidsheep.de because of German rules).


Source: http://droidsheep.de

Build 14: http://www.iuptech.com/public/SD/download/droidsheep-current.apk <-- Thanks mbirth for build 14 link.

Build 15: Attached to this post - compiled by mbirth <-- Thanks

All credit goes to Andreas Koch for this amazing app! - Thanks a million!
 

Attachments

  • de.trier.infsec.koch.droidsheep-15.apk
    302.4 KB · Views: 284,453
Last edited:

pandata000

Senior Member
Mar 9, 2011
163
241
It works for me, but there's a mess with sessions. Probably you should consider mapping each session to each Wifi network and not showing old ones with new networks... Just a suggestion
 

Emaaans

Senior Member
May 28, 2012
179
43
Not working for me on Galaxy Note ICS... Do you think it's related to my conection? How should I change it?


EDIT i installed the v15 version and know it's perfect!
 
Last edited:
Status
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 96

    DroidSheep is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts.

    DroidSheep requires ROOT!

    Please note:
    DroidSheep was developed as a tool for testing the security of your accounts.
    This software is neither made for using it in public networks, nor for hijacking any other persons account.
    It should only demonstrate the poor security properties network connections without encryption have.
    So do not get DroidSheep to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!​

    How does this work?
    As already announced DroidsSheep supports almost every website – also “big” webservices like facebook and Yahoo.​

    How does that work this simple?
    There are many users that do not known that air is the transmission medium when using WiFi.
    Therefore information is not only transfered to its receiver but also to any other party in the network within the range of the radio waves.

    03_Wireless_network-1024x928.png


    Usually nothing special happens because the WiFi users discard packets that are not destined to themselves.
    DroidSheep does not do this. It reads all the packets looking at their contents.
    Is a website sending a clear recognition feature within a message’s content, which can identify a user (“SessionID”), then DroidSheep is able to read it although it is not intended to external users.
    Moreover DroidSheep can use this token to use it as its own.
    The server can’t decide whether the authorized user or DroidSheep has sent the request.

    04_Attack_attack021-1024x633.png


    How can I protect myself?
    The only satisfying answer is: SSL respectively HTTPS.
    Many providers already offer HTTPS, even facebook, however it must often be enabled in the settings first.
    When using HTTPS the data are still sent to alle participants in the WiFi-network, too, but because the data has been encrypted it is impossible for DroidSheep to decrypt the contect of a message - remaining only a complete mess of letters, with which an attacker can’t do anything.
    The real problem is that not every website provides SSL. What to do when you are in a public network (hotel, airport, etc.), you also want to use this and the site does not offer HTTPS though?
    You can use a VPN-connection
    For this the computer sets up an encrypted channel to a confidential computer which again transfers the data to the website.​

    Please note this is NOT my work I am simply sharing this and giving a direct link to the APK (it was removed from droidsheep.de because of German rules).


    Source: http://droidsheep.de

    Build 14: http://www.iuptech.com/public/SD/download/droidsheep-current.apk <-- Thanks mbirth for build 14 link.

    Build 15: Attached to this post - compiled by mbirth <-- Thanks

    All credit goes to Andreas Koch for this amazing app! - Thanks a million!
    13
    The v15 is in the official SVN: https://code.google.com/p/droidshee...idsheep/DroidSheep_public/AndroidManifest.xml

    And since there's no official APK, you have to compile it yourself. Thus the different signature.

    Attached is v15 compiled by myself.
    6
    FFS people its not a virus
    Google the thing and read the authors web site. You think XDA would leave this thread up if it was a virus.

    Sent from my SGH-I747M using xda premium
    4
    There's build 14: http://www.iuptech.com/public/SD/download/droidsheep-current.apk

    Build 15 is nowhere to be found for now…
    3
    apk please? :D

    Running a quick Google search results in this ;)
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone