Linked by David Adams on Thu 2nd Jun 2011 16:32 UTC, submitted by HAL2001
Privacy, Security, Encryption FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the Wi-Fi that your mobile is connected to. It is possible to hijack sessions only when Wi-Fi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK). It's kind of like Firesheep for Android and it works on WPA2.
Order by: Score:
Comment by joekiser
by joekiser on Fri 3rd Jun 2011 02:05 UTC
joekiser
Member since:
2005-06-30

So this is like tcpdump or Wireshark for Android? Neat.

I'll take this opportunity to remind everyone to use encryption whenever possible, and if you're really paranoid, use a VPN when using someone else's network.

Reply Score: 2

Tried it... works
by FunkyELF on Fri 3rd Jun 2011 12:23 UTC
FunkyELF
Member since:
2006-07-26

I hijacked my brother's Facebook session and posted something on his wall.

The sad thing is that if Facebook used SSL this wouldn't be possible. How much more computing power would Facebook need to enable SSL Facebooking?

Reply Score: 2

RE: Tried it... works
by twitterfire on Fri 3rd Jun 2011 12:35 UTC in reply to "Tried it... works"
twitterfire Member since:
2008-09-11


The sad thing is that if Facebook used SSL this wouldn't be possible. How much more computing power would Facebook need to enable SSL Facebooking?


SSL is still prone to man in the middle attacks. And you can steal cookies if you want to get access to a facebook account.

Reply Score: 2

RE[2]: Tried it... works
by Timmmm on Fri 3rd Jun 2011 16:36 UTC in reply to "RE: Tried it... works"
Timmmm Member since:
2006-07-25

No it isn't. You need to convince a CA to make you a certificate for facebook.com, which has happened on occasion, but isn't exactly easy.

And you can't steal cookies from SSL connections. That's just stupid.

Reply Score: 2

RE: Tried it... works
by WereCatf on Fri 3rd Jun 2011 13:51 UTC in reply to "Tried it... works"
WereCatf Member since:
2006-02-15

I hijacked my brother's Facebook session and posted something on his wall.

The sad thing is that if Facebook used SSL this wouldn't be possible. How much more computing power would Facebook need to enable SSL Facebooking?


Facebook does nowadays support SSL, you just have to enable it in your settings. And yes, I agree; it should be enabled by default. But nevertheless, the support is already there.

Reply Score: 2

RE: Tried it... works
by Soulbender on Fri 3rd Jun 2011 14:20 UTC in reply to "Tried it... works"
Soulbender Member since:
2005-08-18

https://www.facebook.com works just fine for me. Don't blame facebook for your brothers mistake.

Reply Score: 2

RE[2]: Tried it... works
by Johann Chua on Sat 4th Jun 2011 05:23 UTC in reply to "RE: Tried it... works"
Johann Chua Member since:
2005-07-22

Problem is that HTTPS doesn't work with Facebook apps, so it's turned off by default.

Reply Score: 2

RE[2]: Tried it... works
by FunkyELF on Mon 6th Jun 2011 14:23 UTC in reply to "RE: Tried it... works"
FunkyELF Member since:
2006-07-26

https://www.facebook.com works just fine for me. Don't blame facebook for your brothers mistake.


I did that too.... but then clicking around you eventually end up with http.

Reply Score: 2