FaceNiff is an Android app that lets you sniff and intercept web session profiles over the Wi-Fi network your mobile is connected to. Sessions can be hijacked only when the Wi-Fi network is not using EAP, but it should work over any private network (Open/WEP/WPA-PSK/WPA2-PSK). It’s kind of like Firesheep for Android, and it works on WPA2.
Sniff and Intercept Web Session Profiles on Android
Submitted by HAL2001 2011-06-02 Privacy, Security 8 Comments
So this is like tcpdump or Wireshark for Android? Neat.
I’ll take this opportunity to remind everyone to use encryption whenever possible, and if you’re really paranoid, use a VPN when using someone else’s network.
I hijacked my brother’s Facebook session and posted something on his wall.
The sad thing is that if Facebook used SSL this wouldn’t be possible. How much more computing power would Facebook need to enable SSL Facebooking?