FaceNiff Tool - Android App For Hackers

FaceNiff Tool - Android App

FaceNiff is an android tool for hackers (newbies) who want to sniff and intercept web session profiles over the WiFi connection. That means, if you want to hack into a Facebook account which is using the same WiFi network, you can use FaceNiff. Technically, it's not possible right now, because the Facebook has made SSL encryption mandatory to all connections.

But don't worry, I have found a social networking site that still runs without https, so you can play with FaceNiff.... excited  ?

How FaceNiff Works ?

When you "start" the FaceNiff, it will monitor all the network traffic over the WiFi, then it will capture unencrypted session ID cookies from the websites. Then it will allow you to enter victims account as him/her.

The exact working of FaceNiff can be called as Session Hijacking. You can read a detailed and simplified article on Session Hijacking here

What Are The Requirements ?

First of all, your android phone must be rooted.

Then download the Faceniff android application.

Updated: Download Faceniff [ZippyShare Link] (RAR password is: effecthacking)

You can use the RAR app to extract compressed files on android.



How To Hijack Sessions ?

Install the FaceNiff application...

Then, open it...

... and grant root access to it. 

Make sure you are connected to a WiFi network and you have a target on the same network.

Now, you have a screen something like this :

Faceniff android tool

Now, tap on the top left button "Offline" to make it "Online". Then tap on the "START" button...

The FaceNiff will start to display the unencrypted sessions... ( see the image below) :

Faceniff android tool for hackers

FaceNiff will not display anything,  if you don't have target ( who is using http to access a web account).

If the victim is using https, you can try tapping on "SSL Strip" to force the victims browser to fall back on http. I think, SSL striping will not work on Facebook and blogger , because they are using HSTS (HTTP Strict Transport Security) to protect against downgrade attacks.

At the time of testing this app, I found that the website vk.com also known as vkontakte.ru is running on http and can use FaceNiff to steal session cookies. 

Tap on the unencrypted sessions displayed on the FaceNiff and use the stock browser to access the webpage.

Now you have the victims web account. Well done! (Remember: If the victim logged out from the account, you will also be logged out automatically)

What Are The Options Available On FaceNiff ?

It has a stealth mode, SSL strip, can export or import sessions, vibration alert when new profile is found, and the filter services that allows you to filter the session ID cookies.

If the normal mode didn't display any profiles/session ID cookies, you can use Stealth mode (slower than normal mode) to capture unencrypted session ID cookies.

If you like this article, share it with your friends.

Any doubts? Put it in the comment section below, I would like answer it.



7 comments :

  1. It's not work on my device, said that I already used it before but it's not true.

    ReplyDelete
  2. Its locked. How to unlock faveniff? Thanks

    ReplyDelete
  3. Note: link is dead on media fire. flagged as dangerous, maybe upload as .rar or .7zip file.

    ReplyDelete
  4. http://www.faceniff.ponury.net/ for a good download link.

    ReplyDelete
  5. Will not work no more

    ReplyDelete

Powered by Blogger.