ponury

Hi there, I've written an app that allows hijacking facebook sessions over WiFi.

It works only with accounts not using SSL, and it doesn't work with WPA-EAP. It can break internet connection and a lot of other stuff so use on your own risk.

It can and probably will use a LOT of CPU since it diverts all network traffic through your device and analyses every packet (not completely true).

*** ROOT IS REQUIRED ***

I have a confirmation it works on Desire, Desire HD and Galaxy S. I personally use it on Desire with CM7.

It has few bugs and if something breaks or not work please let me know I'll try to fix it.

The app is limited to switch between only 3 profiles. If you need more you can get activation key from paypal when asked for.

Okey the link to app is here: \

DISCLAIMER: I am not responsible for any damage you would make with this app. It's completely up to you.

Last edited by woop; April 20th, 2011 at 02:34 AM.

sitlet

Wow, this sounds REAL legal...

ponury

I'm not forcing you to use it. Maybe this way people will start using SSL or at least facebook will switch it on by default.

AmneonX

I can see how this would be useful. Use this to show what can happen on a public network.

Last edited by AmneonX; April 18th, 2011 at 04:46 PM. Reason: spelling

ponury

Exactly! People are completely unaware that public internet is totally unsafe. FB isn't better they've added SSL option but still only a few people know what it does and why to use it. They should enable it for everyone.

Last edited by ponury; April 18th, 2011 at 06:14 PM.

AmneonX

However it wouldnt work for me. I tried it on my moms network.

ambientdroid

OH! so you're not encouraging illegal activity; you're providing a public service!

Thanks makes it ok then.

ponury

Yes... and you didn't just now enabled SSL on your account right? And did it also on your's girlfriend/roommate pc.

ambientdroid

If only there were more people like you!!!1!

you've given me a great idea: I think more people should upgrade their old door locks to newer, safer ones that are more resistant to being picked. So, I'm going to make a bunch of skeleton keys for the old locks and give them away for free!
Disclaimer: I'm not responsible for any illegal raping and killing you might do.

AmneonX

Now in all fairness this is a good idea. I was going to hold a seminar on home network security this summer, and if I was able to use this to show more dangers of unprotected networks I feel it would be a better experience for everyone.

I kept getting an access denied error though. When I first powered the app on. That could've been the encryption though, forgot about that part.

Last edited by AmneonX; April 19th, 2011 at 07:08 AM.

ponury

You know this technique is few years old at least. I'm not inventing anything here. And if someone could tell you: "hey click here - it's free - and you'll be safe because now anyone could break into your house" wouldn't you want that? That's how the progress is made you know. A long time ago some Neanderthal came to another and said: "dude, look if you don't put this stone in front of your cave a bear can get there and eat you!". But that caveman was You! And you said: "You asshole you just want to get me killed by saying that my open door is unsafe!" And that's exactly why we don't see Neanderthal people around here these days.


I am positive that it works on CM7. You need exec on /data and "iptables" and "su" installed. But somehow it isn't working on darkys 10rc4 rom. Also it won't work if moved/installed to SD (giving mount -o remount,exec /sdcard could help though). Try mount -o remount,exec /data and you could send me logcat of this. About encryption if you are referring to wifi encryption it only doesn't work on enterprise networks (WPA-EAP) and switches that have static arp table (very uncommon).

HJAcevedo

I'm...not quite sure that's the same thing here. You're not only telling the people "hey if you don't put a stone on your door a bear will eat you", you're bringing the bear TO the opening to let the bear do the killing in the first place.

Either way this analogy is ridiculous. The argument is ridiculous. If I'm understanding this correctly this is basically an app where you can access someone elses personal information. I hope I'm wrong here because if no one sees something wrong with that then HOT DAMN what is society coming to today?

ponury

From my point of view I would prefer to be warned by a friend or some prankster that would leave "I'm stupid" on my wall then be "hacked" by some advertising company that would just set a guy with a laptop that would grab all my personal info and use it to spam me and do other potentially more harmful things. When I told my girlfriend to enable ssl she didn't because "some of the fb apps don't work with it". But after I showed her how easily someone could just read her messages the apps somehow didn't matter. I'm not going to say "yey! it's only for good" of course it's not. It depends on you how you use it.

HJAcevedo

That's great if your friend is the one doing it. I'm sure some people will grab this app and sit somewhere just waiting for the chance to log into someones facebook.

amlothi

An app that demonstrates the lack of security in a responsible manner, without actually enabling full access to someone else's account, would be a public service.


This is a tool for illegal activity, attempting to masquerade as public service. Don't let yourself be mislead.

__________________
Please search the forums.
Need Tasker Help?
Having Battery problems?

woop

Due to the malicious possibility of this application (and the fact that this thread has basically derailed and essentially is just arguing) I'm closing this

__________________
GOOD posts:
BAD posts:


PLEASE READ ME!