• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Facebook session hijacker

Status
Not open for further replies.
P

ponury

Lurker
Hi there, I've written an app that allows hijacking facebook sessions over WiFi.

It works only with accounts not using SSL, and it doesn't work with WPA-EAP. It can break internet connection and a lot of other stuff so use on your own risk.

It can and probably will use a LOT of CPU since it diverts all network traffic through your device and analyses every packet (not completely true).

*** ROOT IS REQUIRED ***

I have a confirmation it works on Desire, Desire HD and Galaxy S. I personally use it on Desire with CM7.

It has few bugs and if something breaks or not work please let me know I'll try to fix it.

The app is limited to switch between only 3 profiles. If you need more you can get activation key from paypal when asked for.

Okey the link to app is here: \

DISCLAIMER: I am not responsible for any damage you would make with this app. It's completely up to you.
 
AmneonX said:
I can see how this would be useful. Use this to show what can happen on a public network.
Click to expand...

Exactly! People are completely unaware that public internet is totally unsafe. FB isn't better they've added SSL option but still only a few people know what it does and why to use it. They should enable it for everyone.
 
ponury said:
Exactly! People are completely unaware that public internet is totally unsafe. FB isn't better they've added SSL option but still only a few people know what it does and why to use it. They should enable it for everyone.
Click to expand...

OH! so you're not encouraging illegal activity; you're providing a public service!

Thanks makes it ok then.

:rolleyes:
 
ponury said:
Yes... and you didn't just now enabled SSL on your account right? And did it also on your's girlfriend/roommate pc.
Click to expand...

If only there were more people like you!!!1!

you've given me a great idea: I think more people should upgrade their old door locks to newer, safer ones that are more resistant to being picked. So, I'm going to make a bunch of skeleton keys for the old locks and give them away for free!
Disclaimer: I'm not responsible for any illegal raping and killing you might do.
 
Now in all fairness this is a good idea. I was going to hold a seminar on home network security this summer, and if I was able to use this to show more dangers of unprotected networks I feel it would be a better experience for everyone.

I kept getting an access denied error though. When I first powered the app on. That could've been the encryption though, forgot about that part.
 
ambientdroid said:
If only there were more people like you!!!1!

you've given me a great idea: I think more people should upgrade their old door locks to newer, safer ones that are more resistant to being picked. So, I'm going to make a bunch of skeleton keys for the old locks and give them away for free!
Disclaimer: I'm not responsible for any illegal raping and killing you might do.
Click to expand...
You know this technique is few years old at least. I'm not inventing anything here. And if someone could tell you: "hey click here - it's free - and you'll be safe because now anyone could break into your house" wouldn't you want that? That's how the progress is made you know. A long time ago some Neanderthal came to another and said: "dude, look if you don't put this stone in front of your cave a bear can get there and eat you!". But that caveman was You! And you said: "You asshole you just want to get me killed by saying that my open door is unsafe!" And that's exactly why we don't see Neanderthal people around here these days.


AmneonX said:
Now in all fairness this is a good idea. I was going to hold a seminar on home network security this summer, and if I was able to use this to show more dangers of unprotected networks I feel it would be a better experience for everyone.

I kept getting an access denied error though. When I first powered the app on. That could've been the encryption though, forgot about that part.
Click to expand...

I am positive that it works on CM7. You need exec on /data and "iptables" and "su" installed. But somehow it isn't working on darkys 10rc4 rom. Also it won't work if moved/installed to SD (giving mount -o remount,exec /sdcard could help though). Try mount -o remount,exec /data and you could send me logcat of this. About encryption if you are referring to wifi encryption it only doesn't work on enterprise networks (WPA-EAP) and switches that have static arp table (very uncommon).
 
ponury said:
You know this technique is few years old at least. I'm not inventing anything here. And if someone could tell you: "hey click here - it's free - and you'll be safe because now anyone could break into your house" wouldn't you want that? That's how the progress is made you know. A long time ago some Neanderthal came to another and said: "dude, look if you don't put this stone in front of your cave a bear can get there and eat you!". But that caveman was You! And you said: "You asshole you just want to get me killed by saying that my open door is unsafe!" And that's exactly why we don't see Neanderthal people around here these days.
Click to expand...

I'm...not quite sure that's the same thing here. You're not only telling the people "hey if you don't put a stone on your door a bear will eat you", you're bringing the bear TO the opening to let the bear do the killing in the first place.

Either way this analogy is ridiculous. The argument is ridiculous. If I'm understanding this correctly this is basically an app where you can access someone elses personal information. I hope I'm wrong here because if no one sees something wrong with that then HOT DAMN what is society coming to today?
 
From my point of view I would prefer to be warned by a friend or some prankster that would leave "I'm stupid" on my wall then be "hacked" by some advertising company that would just set a guy with a laptop that would grab all my personal info and use it to spam me and do other potentially more harmful things. When I told my girlfriend to enable ssl she didn't because "some of the fb apps don't work with it". But after I showed her how easily someone could just read her messages the apps somehow didn't matter. I'm not going to say "yey! it's only for good" of course it's not. It depends on you how you use it.
 
That's great if your friend is the one doing it. I'm sure some people will grab this app and sit somewhere just waiting for the chance to log into someones facebook.
 
An app that demonstrates the lack of security in a responsible manner, without actually enabling full access to someone else's account, would be a public service.


This is a tool for illegal activity, attempting to masquerade as public service. Don't let yourself be mislead.
 
Due to the malicious possibility of this application (and the fact that this thread has basically derailed and essentially is just arguing) I'm closing this
 
Status
Not open for further replies.
Back
Top Bottom