[APP][ROOT] DroidSniff - Meet the little brother of DroidSheep - v1.0.0 Build 16

xDragonZ

DroidSniff is an Android app for security analysis in wireless networks and capturing Facebook, Twitter, LinkedIn and other accounts.

DroidSniff requires ROOT!

Please note:
DroidSniff was developed as a tool for testing the security of your accounts.
This software is neither made for using it in public networks, nor for hijacking any other person's account.
It should only demonstrate the poor security properties network connections without encryption have.
So do not get DroidSniff to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!

Source Code : https://github.com/Evozi/DroidSniff
Please fork and support this project.

This app is based on DroidSheep, licensed under the GPL v3 licence.



Here's the changelog
Version 1.0.0 Build 16

This is the 1st release of DroidSniff, please report any problems/bugs here.

[Added] Support for Reddit
[Added] Check Update with Updater
[Improvement] Actionbar for android below 4.0 with new sexy UI
[Improvement] The session list will not jump back to the top when the list refreshed/new session added.
[Improvement] Green tick on the icon will be shown when you have saved a cookie
[Improvement] Arp Spoof Service - Cleaned up some code and added "killall arpspoof"
[Removed] Pop Up Activity
[Fix] Sniffed Google and Amazon URL

More will be added in the up-coming version:
- Pref Screen
- User Agent Changer
- and more!


** If anyone wants to help develop this, please PM me. I will also post it to GitHub later since this is licensed under GPLv3.

Coming Soon:
Ability to add custom URL
Ability to change user agent
Setting Screen
Export cookies to any app, instead of just email
MAC to Vendor


Please give some suggestions and ideas. :laugh:


Download : http://www.mediafire.com/?c3mr5lx34kpmp97

(Please don't forget to report bugs so that we can fix them)

 

Aircondition

That looks great. I hope you release the source code for it too.

Here is my modded version. As you see I've updated the UI for it and removed unnecessary code. The icon you are using looks great, the DroidSheep icon is so ugly so I removed it, even the Android default icon is more beautiful. Instead of using WebKit I use the default browser (Chrome) cause it's much faster and easier to navigate on. I really like the bottom bar in your browser, looks great. For me Google isn't working cause it NEVER wants to use non-SSL.

Something that would be great is support for SSLStrip. FaceNiff has it but it costs money. I've been trying to get it working by using APK Manager & dex2jar/JD-GUI without any success. The C/C++ files aren't included in the apk. :(

I've been trying to change the name from DroidSheep but I had so many problems so I just skipped it. It's easy to change the name in the GUI but going through all source files and replacing everything is a bit harder. ;)

The app is a little buggy cause sometimes it captures the logins but not every time. I'm going to investigate the included C/C++ files and see if there are any filters and how everything works.
 


xDragonZ

That looks great. I hope you release the source code for it too.

Here is my modded version. As you see I've updated the UI for it and removed unnecessary code. The icon you are using looks great, the DroidSheep icon is so ugly so I removed it, even the Android default icon is more beautiful. Instead of using WebKit I use the default browser (Chrome) cause it's much faster and easier to navigate on. I really like the bottom bar in your browser, looks great. For me Google isn't working cause it NEVER wants to use non-SSL.

Something that would be great is support for SSLStrip. FaceNiff has it but it costs money. I've been trying to get it working by using APK Manager & dex2jar/JD-GUI without any success. The C/C++ files aren't included in the apk. :(

I've been trying to change the name from DroidSheep but I had so many problems so I just skipped it. It's easy to change the name in the GUI but going through all source files and replacing everything is a bit harder. ;)

The app is a little buggy cause sometimes it captures the logins but not every time. I'm going to investigate the included C/C++ files and see if there are any filters and how everything works.

Thanks for your reply, I think I will try to work on the SSLStrip and give DroidSniff the ability to target a specific IP address.

Nice that you implemented it to use the default browser (Chrome). Gonna figure out how to do that when I'm free.

Yea, need to disable the SSL so that we can get the Google cookies. On my computer Google.com loads without SSL but with my laptop it automatically uses SSL.

Changing the name is quite easy. :laugh:

Download link?

Coming Soon :fingers-crossed:

Hello, why do you not integrate a WPA calculator? :confused:

Do you mean WPA Alice Calculator?
 

CooLoserTech

Dang my phone was off and this post made me turn it on and then..no link. -_-

Great job though, looks a lot better than Droid SHEEP
 

orthonovum

This is great. I have used DroidSheep and FaceNiff for my job, and now FaceNiff does not work with 4.x and DroidSheep has some leaks and is never updated anymore; also the latest source won't compile without some tweaks and messing about.

Looking forward to your app. If you make a donate version I will gladly donate to support further development and no ads :)

SSL strip implementation would be useful as I have compiled SSLStrip for android but it crashes often, if you figure out how to get it stable then good on ya! :D

thanks!
 

Aircondition

The most important feature is definitely SSL support. Just Google "SSLStrip-for-Android" and you will find the source code for it running on Android. It shouldn't be hard to implement cause DroidSheep is based on Arpspoof which is also included in this project. There is also an app you can test on Google Play but it seems to only work with USB tethering from your phone to PC.

Using the default browser is much faster. Here is how you do it:

str1 stands for the URL (e.g. facebook.com)
str2 stands for the cookie content (e.g. for Facebook you have to use the "c_user" cookie, don't have any clue why DroidSheep is also using the datr, lu, and xs cookies, it just makes it slower to initialize cookies)

Code:
import android.content.Intent;
import android.net.Uri;
// Call from an Activity: hands the URL to the default browser
Intent i = new Intent(Intent.ACTION_VIEW);
i.setData(Uri.parse("http://" + str1 + ":8080/" + str1 + "@" + str2));
startActivity(i);

Here is the de-compiled version of FaceNiff. Nothing new here, the "faceniff" which contains the SSLStrip library is already compiled and the sources for it are not included in the project. :(
http://www.media fire.com/?e5xsan45cefe4fy (I have too low posts for links)
 

_ice_

+1000 SSL strip is important, Facebook and Twitter now require https login. Without SSL strip this app would be obsolete for Facebook, Twitter penetration.
 

Aircondition

So you don't think we know what FaceNiff is? It costs money that's the only bad thing and DroidSheep is free and open source but without support for SSLStrip.
 

Aircondition

The script I posted on the first page was taken from FaceNiff and after some research it seems like it's forwarding all traffic to port 8080 where it's doing the SSL spoofing and enables opening sessions in the default browser (running through the proxy server). When you click on a profile in FaceNiff it will open "http://facebook.com:8080/[email protected]_IDENTIFIER" and the binary will return a response which will set the cookies and redirect the user to the normal Facebook website. It was working when I tested it but then I realized the FaceNiff app was running on my Android, I stopped it and it didn't work anymore.

As fatcobrah said most important is SSLStrip as most websites are forcing users to use SSL and open profiles in the default browser cause it's much easier to navigate in, you can zoom in/out and it has a very fast JavaScript engine (at least in Chrome). Improved filters to capture more websites would also be great and grabbing the user's Facebook picture like in FaceNiff is also very useful.

Also found this string inside the faceniff binary "all your passwords are belong to Us!. ;)
 

rirozizo

btw ARP-spoofing is kinda slow. i mean, having your cellphone work as an "inbetween" router dramatically slows down the connection. i've hacked my brother's account (nothing bad, just posted a "you've been hacked" status). and now every time the internet slows down, he suspects i'm trying to hack him.

so when you make your AWESOME app, please try making the ARP-spoofing faster.

———————————————————
i didn't mean to mock you or to offend you in any kind of way
 

xDragonZ

Here is the version of SSLStrip I built from the latest source, minimal changes (better icon n stuff)

http://www.filedropper.com/sslstripforandroid101
Nice, I also plan to try the SSLStrip that was ported by crazyricky. Hope that it works.

@fatcobrah
Thanks for the suggestion. :)

The script I posted on the first page was taken from FaceNiff and after some research it seems like it's forwarding all traffic to port 8080 where it's doing the SSL spoofing and enables opening sessions in the default browser (running through the proxy server). When you click on a profile in FaceNiff it will open "http://facebook.com:8080/[email protected]_IDENTIFIER" and the binary will return a response which will set the cookies and redirect the user to the normal Facebook website. It was working when I tested it but then I realized the FaceNiff app was running on my Android, I stopped it and it didn't work anymore.

As fatcobrah said most important is SSLStrip as most websites are forcing users to use SSL and open profiles in the default browser cause it's much easier to navigate in, you can zoom in/out and it has a very fast JavaScript engine (at least in Chrome). Improved filters to capture more websites would also be great and grabbing the user's Facebook picture like in FaceNiff is also very useful.

Also found this string inside the faceniff binary "all your passwords are belong to Us!. ;)

Yea, agree, and I also found out that the port 8080 will not work unless you start a background service to do the forwarding job like FaceNiff does.

I also looked at the faceniff binary and it contains some interesting strings. I think when I am back home I will try to do that like FaceNiff does.


btw ARP-spoofing is kinda slow. i mean, having your cellphone work as an "inbetween" router dramatically slows down the connection. i've hacked my brother's account (nothing bad, just posted a "you've been hacked" status). and now every time the internet slows down, he suspects i'm trying to hack him.

so when you make your AWESOME app, please try making the ARP-spoofing faster.

———————————————————
i didn't mean to mock you or to offend you in any kind of way
This is because of limited bandwidth and processing power of most Android devices, there might be bandwidth problems in networks with a lot of traffic. This might lead to problems and slow connections for the whole network.
 

Aircondition

btw ARP-spoofing is kinda slow. i mean, having your cellphone work as an "inbetween" router dramatically slows down the connection. i've hacked my brother's account (nothing bad, just posted a "you've been hacked" status). and now every time the internet slows down, he suspects i'm trying to hack him.

so when you make your AWESOME app, please try making the ARP-spoofing faster.

Without arpspoof running: http://www.speedtest.net/result/2053296350.png
With arpspoof running: http://www.speedtest.net/result/2053297706.png

You say it's slower? You're wrong.

I just tried the SSLStrip ported to Android and here are the results:
1. If you have your homepage as "https://www.google.com" it won't load. You have to start browsing on a non-SSL site and the web proxy NanoHTTPD will transform all https links to http.
2. When I logged in to Google the account name and password were shown in the GUI but it was logged out directly after the page refreshed. Maybe NanoHTTPD can't handle cookies correctly?
3. Much slower and battery is draining much faster cause everything is going through the NanoHTTPD client.

FaceNiff is running the SSLStrip and webserver in the binary file (Linux kernel) and this port is running it inside the Dalvik virtual machine which will make it go slower. We already know that arpspoof is compatible with this but not sure about the droidsheep binary...
 
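The post above notes that the proxy only works once browsing starts on a non-SSL page and https links get rewritten to http. As an added example that is not part of the original posts, this check looks at a site's HTTPS response for the two server-side settings that close that gap (the Secure cookie flag and an HSTS policy); the header sets and the cookie names `sid` and `lang` are constructed.

```python
"""Audit one HTTPS response for the settings that keep session cookies off
plain HTTP. Header sets are constructed; 'sid' and 'lang' are made-up names."""

# Constructed: session cookie without Secure and no HSTS header.
WEAK = [
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]
# Constructed: the corrected configuration.
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Secure"),
]

def cookie_attrs(value):
    """Split 'name=v; Flag; k=v' into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip() if parts else ""
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def hsts_max_age(value):
    """Return max-age in seconds; 0 when missing or malformed."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdigit() else 0
    return 0

def audit(headers):
    """Return sorted issue strings for a list of (header, value) pairs."""
    issues, hsts = [], None
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            cookie, attrs = cookie_attrs(value)
            if "secure" not in attrs:
                issues.append("cookie %s lacks Secure" % cookie)
        elif lname == "strict-transport-security" and hsts is None:
            hsts = hsts_max_age(value)  # only the first HSTS header counts
    if not hsts:
        issues.append("no effective HSTS policy")
    return sorted(issues)
```

`audit(WEAK)` reports both cookies and the missing policy, while `audit(HARDENED)` returns an empty list.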

rirozizo

well, my experience with droidsheep was a slow surfing situation...

and you can't speed test it. explanation:
ARP-spoof is making the PC think that the phone is the router, instead of the actual router.

so with ARP-spoof on: PC---Phone---Router---Internet

now, the speed test is only between the Router and the internet. and with ARP-spoof on, it's between the Phone and the Internet.

the connection will still be slow, because having the Phone run as router is actually really hard to do, having the Phone track the PC's activity, and interfere with it is hard.

the phone gets the command from the PC, then send it to the router, the router responds to the phone, then the phone sends the data to the PC... so it's a slower process than without ARP-spoof.

———————————————————
i didn't mean to mock you or to offend you in any kind of way
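
The PC---Phone---Router path described in the post above leaves a visible trace on the PC: the router's IP starts resolving to the phone's MAC address. As an added example that is not part of the original thread, this detection sketch compares two ARP-cache snapshots in the Linux `/proc/net/arp` layout; the addresses and both snapshots are constructed.

```python
"""Flag ARP-cache changes that match a phone posing as the router.

Input uses the Linux /proc/net/arp layout; both snapshots are constructed.
"""
from collections import defaultdict

HEADER = "IP address       HW type     Flags       HW address            Mask     Device\n"
# Constructed: clean cache, the gateway 192.168.1.1 answers with its own MAC.
BEFORE = HEADER + (
    "192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        wlan0\n"
    "192.168.1.23     0x1         0x2         aa:bb:cc:dd:ee:01     *        wlan0\n"
)
# Constructed: the gateway IP now resolves to the MAC of host .23.
AFTER = HEADER + (
    "192.168.1.1      0x1         0x2         aa:bb:cc:dd:ee:01     *        wlan0\n"
    "192.168.1.23     0x1         0x2         aa:bb:cc:dd:ee:01     *        wlan0\n"
)

def parse_arp(text):
    """Return {ip: mac} for complete entries (ATF_COM flag 0x2 set)."""
    table = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2 and mac != "00:00:00:00:00:00":
            table[ip] = mac
    return table

def findings(before, after, gateway):
    """Compare two snapshots and list spoofing indicators for `gateway`."""
    old, new = parse_arp(before), parse_arp(after)
    out = []
    if gateway in old and gateway in new and old[gateway] != new[gateway]:
        out.append(("gateway-mac-changed", old[gateway], new[gateway]))
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    gw_mac = new.get(gateway)
    if gw_mac and len(by_mac[gw_mac]) > 1:
        out.append(("gateway-mac-shared", gw_mac, sorted(by_mac[gw_mac])))
    return out

if __name__ == "__main__":
    for item in findings(BEFORE, AFTER, "192.168.1.1"):
        print(item)
```

A shared MAC can also be legitimate (a router holding several addresses, proxy ARP), so treat a finding as a prompt to check the gateway's real hardware address rather than as proof.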