Linked by David Adams on Thu 2nd Jun 2011 16:32 UTC, submitted by HAL2001
Privacy, Security, Encryption FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the Wi-Fi that your mobile is connected to. It is possible to hijack sessions only when Wi-Fi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK). It's kind of like Firesheep for Android and it works on WPA2.
Thread beginning with comment 475891
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Tried it... works
by twitterfire on Fri 3rd Jun 2011 12:35 UTC in reply to "Tried it... works"
twitterfire
Member since:
2008-09-11


The sad thing is that if Facebook used SSL this wouldn't be possible. How much more computing power would Facebook need to enable SSL Facebooking?


SSL is still prone to man in the middle attacks. And you can steal cookies if you want to get access to a facebook account.

Reply Parent Score: 2

RE[2]: Tried it... works
by Timmmm on Fri 3rd Jun 2011 16:36 in reply to "RE: Tried it... works"
Timmmm Member since:
2006-07-25

No it isn't. You need to convince a CA to make you a certificate for facebook.com, which has happened on occasion, but isn't exactly easy.

And you can't steal cookies from SSL connections. That's just stupid.

Reply Parent Score: 2