This is what the scenario is it is like where the client (1) which may be a mobile device/laptops/pc connected to the internet via wifi where we are going to spoof via our droidsheep in our device.As you see the picture where the client sends packet request from the device to the access point and then to the internet.what the app does that it comes inbetween the server and the client it spoofes the address of client (1) so the server doesn’t understand the difference between the original and the faked one.
Here is the sample of the Attack:
Now we press start.It started to spoof the IP.Here I am using my HOME WIFI where it is connected with the pc and another wifi connected android device.
I now spoofed 2 sessions.now they are under my control but the client doesn’t know what I am doing from behind.
Download : Droidsheep
OMG SO THERE IS NO WAY TO PROTECT IT?
Yes,There is a way to protect it .
1.ENABLE HTTPS whenever it is possible since the cookies are encrypted the attacker cant find the write cookie.
2.Another Way is using the app which is created by DROIDSHEEP itself.It is called by “DRIODSHEEP GUARD”.
2.Another Way is using the app which is created by DROIDSHEEP itself.It is called by “DRIODSHEEP GUARD”.
It protects from attacks like this.
Here you can see when you click ”start protection” it will start protection here it shows the MAC address of the connected devices.That’s now you are secured.
No comments:
Post a Comment