Tuesday, January 10, 2012

Android network sniffing

The problem with android is that: until now, there hasn't been any Android device that can put its WiFi chipset on monitoring mode. It's a downside especially if you wanted to collect packets from open WiFi network or just to crack encrypted ones. The other problem is that: you need to root your device in order to get sniffers to work. So if you already did the latter, you may find the rest of the post interesting.

Some Android apps achieved to manage sniffing packets, like Shark for root, but that will let you gather only your device's packets data. So, what is needed next, is, an app that can induct ARP poisoning to re-direct packets from the network to your device; few applications succeeded in to bringing this to reality like FaceNiff and DroidSheep. I tried DroidSheep and it worked very well, it even has the ability to capture packets that look interesting such as login information and cookies and then present it to you. It still doesn't work with https, unless one day the developer decides to add SSL spoofing to it.
The only way to download DroidSheep is from its maker's site, since Android Market had it removed for breaking its rules.

Finally, you need to be cautious if you wanted to do ARP poisoning on networks that are not yours, since lots of them are protected against that attack and they warn users if it happens. Adding to that DroidSheep maker had created another application to test the network for ARP poisoning, that application is called DroidSheep Guard, the developer claims it works on non-rooted devices; I haven't tested DroidSheep Guard yet, but I think if you are paranoid about using public WiFi-s you may give it a try.

Labels: , , ,

Smilar pages