FaceNiff is an Android application that lets users sniff and intercept web session profiles over Wi-Fi networks, stealing other users’ credentials from Facebook, Twitter and other services.The app requires root access on the user’s Android smartphone, but other than that it’s fairly simple to use, which makes it perhaps even more dangerous than Firesheep, a Firefox extension that lets users hijack Facebook and Twitter sessions over Wi-Fi networks. FaceNiff also works on WPA-encrypted Wi-Fi networks, which Firesheep doesn’t support.
Right now it works with Facebook, Twitter, YouTube, and Nasza-Klasa (a Polish Facebook clone), but developer Bartosz Ponurkiewicz promises more are coming.
FaceNiff is much more flexible than Firesheep as the latter requires a computer. Nearly anything is accessible to FaceNiff users, providing they can get access to protected networks.
Here is the video of faceniff demonstrating the new attack
How to protect yourself from FaceNiff?
FaceNiff cannot, however, access accounts that use https browsing, which encrypts information for a more secure browsing session. Facebook is not automatically on https. Users must enable it manually, and Twitter also requires users to manually activate it. Perhaps with the wider availability of an app like FaceNiff, https browsing will become standard.
you can download FaceNiff from its official website http://faceniff.ponury.net/
Awesp,e
ReplyDelete