DroidSheep is an Android tool developed by Andreas Koch for security analysis in wireless networks. It is basically a session hijacking tool that allows hackers to capture session cookies over the wireless network. That means you can sniff and capture the web session profiles of a person who is on the same network.
How Does DroidSheep Work?
How To Use DroidSheep To Hijack Sessions?
ARP spoofing: DroidSheep will act as a router and intercept all the network traffic.
Generic Mode: It listens for any cookie, not only for the sites you know.
Then tap on the victim’s session profile. It will display a set of options: Open Site, Remove from List, Add host to blacklist, Export via eMail and Save Cookies.
Open Site: It allows you to use the victim’s account as him/her.
Remove From List: Removes the selected session from the list.
Add host to blacklist: Prevents capturing cookies from the selected server in future.
Export via eMail: It allows you to send the cookie values via email (this helps you to use the session on the computer).
Save Cookies: It allows you to save the cookies for later use.
If you want to use the victim’s web account as him/her, tap on “Open Site” and it will take you there. Enjoy.
What Are Other Options Available On DroidSheep?
It has Clear list, Clear Blacklist, Debug, Choose WiFi and Help. Clear list allows you to clear the captured cookie sessions, and Clear Blacklist allows you to clear the list of blacklisted servers.
If you are experiencing any issues while running DroidSheep, you can collect debug information through the “Debug” option. Press menu and tap Debug. It will then ask whether you want to start a debug session. Tap on “Yes”.
DroidSheep then starts running in debug mode. After 30 seconds, you can tap stop debugging. It will then show you a set of options to send an email with the debug information.
You can select the target network by using the “Choose WiFi” option. The Help option is for your own help!