DroidSheep is an application that demonstrates how insecure social networks such as Facebook can be. Browsing without a secured protocol allows a user of this or a similar application to hijack your session.
Before we begin, I would like to quote the author's words:
DroidSheep is NOT INTENDED TO STEAL IDENTITIES.
It shall show the weak security properties of big websites just like Facebook. Please be always aware of what you’re doing.
For the purpose of this demonstration I’m using my brother’s Facebook account with his permission.
Scanning For Active Session
Once you are connected to a wireless network, the application starts scanning for active sessions. DroidSheep will capture sessions from sites such as Facebook, Twitter and LinkedIn.
Listing Captured Sessions
The application lists every unsecured session. You can let it keep scanning or stop it once you have found your target.
After choosing the desired target, you have to choose which action to proceed with.
Hijacking The Account
For this review I chose the action to view it in the browser.
Finally, you are able to browse the targeted account without the owner’s knowledge.
As quoted earlier, this application is not intended for stealing identities. Its purpose is to show how dangerous it is to browse without a secured protocol. The intention of this review is the same. I am not responsible for any damage done as a result of this review.
No link to this application is provided. If you are interested in using DroidSheep, you have to find it yourself.
Protecting Your Account
Most social sites do provide secure browsing. Unfortunately, it is not enabled by default. In Facebook it can be enabled easily.
Once done, press Save Changes. Now your account is (should be) safe for browsing on any wireless connection.
I hope this review increases awareness of browsing with a secured protocol. The worst thing that can happen is someone hijacking your privacy.
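For site operators, the same weakness can be checked from the server's responses. The following is an added example, not part of the original review or of DroidSheep: it assumes the session is carried in a cookie, and it audits constructed responses from a hypothetical site, example.test, for session cookies that would travel unencrypted.

```python
from urllib.parse import urlsplit


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(url, headers):
    """Return a list of findings for one response: its URL plus (name, value) header pairs."""
    findings = []
    scheme = urlsplit(url).scheme.lower()
    cookies = [parse_set_cookie(v) for k, v in headers if k.lower() == "set-cookie"]
    has_hsts = any(k.lower() == "strict-transport-security" for k, _ in headers)
    for name, attrs in cookies:
        if scheme != "https":
            # Cookie issued on an unencrypted page: visible to others on the same network.
            findings.append(f"{name}: set over {scheme}, readable on a shared network")
        elif "secure" not in attrs:
            # Issued over HTTPS, but the browser will attach it to plain-http requests too.
            findings.append(f"{name}: missing Secure, browser will also send it over http")
    if scheme == "https" and cookies and not has_hsts:
        findings.append("no Strict-Transport-Security header, plain-http requests stay possible")
    return findings


# Constructed sample responses for the hypothetical site example.test.
SAMPLES = {
    "http_login": ("http://example.test/home", [
        ("Content-Type", "text/html"),
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ]),
    "https_weak": ("https://example.test/home", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ]),
    "https_hardened": ("https://example.test/home", [
        ("Strict-Transport-Security", "max-age=31536000"),
        ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
    ]),
}

if __name__ == "__main__":
    for label, (url, headers) in SAMPLES.items():
        print(label, audit_response(url, headers) or "no findings")
```

A site that passes this check serves its session cookie only over encrypted connections, which is the server-side counterpart of the secure browsing setting described above.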