Have you ever been worried about your internet security? Would you like to analyze your own internet security? Then you will be happy with what DroidSheep has to offer. This software was actually developed as a security app. The developer acknowledges that it was meant for testing the security of online accounts and it was based on his Bachelor thesis titled “Session Hijacking on Android Devices”.
DroidSheep Overview
DroidSheep [Root] is an Android application that analyzes security in wireless networks and also captures Twitter, Linked, Facebook, and other accounts. You can install DroidSheep in your Android phone and use it to analyze the security of any public network. Take your friend to a public network and allow him to access his Facebook account through the same network. DroidSheep will allow you to browse on your friend’s Facebook account using his identity. You can read his private messages, write wall posts, write messages, remove his friends and even delete his Facebook account without getting in touch with him.
When your friend uses the public Wi-Fi, his laptop sends Facebook data over the air to the public Wi-Fi wireless router. DroidSheep allows you to read the data sent by your friend because in this situation, “Over the air” means that “data can be captured by everybody”. Some data are not encrypted before they can be sent and, therefore, you may not be able to read your friend’s Facebook password. The public Wi-Fi spreads the Facebook’s session id over the air to everybody, and this is the main reason why you are able to access your friend’s Facebook account. Facebook will not be able to determine who is really using the session id.
The above example demonstrates DroidSheep [Root] simplicity of session hijacking, especially within a Wi-Fi Network. With just a single click, your eBay, LinkedIn, Amazon, Twitter, Facebook, LinkedIn, and any other online account will be taken over by an adversary and you will remain defenseless. Even the developer was frightened and surprised by using it on any public network or Wi-Fi and decided to develop anti-spoofing tool Droidsheep Guard. DroidSheep Guard is an Android application that monitors Android ARP-table. Its main function involves trying to detect the ARP-Spoofing on networks. A perfect example is an attack by FaceNiff, DroidSheep or any other software.
Pros
- free security analyzing app
Cons
- Internet criminals and fraudsters can take advantage of the app and steal others identities.
Final Verdict
DroidSheep was neither made for hijacking other person’s accounts nor for using it in the public networks. Do not download and install DroidSheep to use it as a tool for gaining unauthorized access to other person’s online accounts or to harm anybody in any way. You should only use it to analyze your personal network security and determine the poor security properties of the network connections without encryption.